Provided by: isakmpd_20041012-7_i386
certpatch - add subjectAltName identities to X.509 certificates
certpatch [-t identity-type] -i identity -k signing-key input-certificate
certpatch alters PEM-encoded X.509 certificates by adding a
subjectAltName extension containing an identity used by the signature-
based authentication schemes of the ISAKMP protocol. After the addition
the certificate will be signed once again with the supplied CA signing
The options are as follows:
If given, the -t option specifies the type of the given identity.
Currently ip, fqdn, and ufqdn are recognized. The default is ip.
The -i option takes an argument which is the identity to put into
the subjectAltName field of the certificate. If the identity-
type is ip, this argument should be an IPv4 address in dotted
The -k option specifies the key used for signing the certificate
once the subjectAltName extension has been added. The key is
specified by the filename where it is stored in PEM format.