Provided by: strongswan-starter_5.1.2-0ubuntu2_amd64 bug


       pki --req - Create a PKCS#10 certificate request


       pki --req [--in file] [--type type] --dn distinguished-name [--san subjectAltName]
                 [--password password] [--digest digest] [--outform encoding] [--debug level]

       pki --req --options file

       pki --req -h | --help


       This sub-command of pki(1) is used to create a PKCS#10 certificate request.


       -h, --help
              Print usage information with a summary of the available options.

       -v, --debug level
              Set debug level, default: 1.

       -+, --options file
              Read command line options from file.

       -i, --in file
              Private key input file. If not given the key is read from STDIN.

       -t, --type type
              Type of the input key. Either rsa or ecdsa, defaults to rsa.

       -d, --dn distinguished-name
              Subject distinguished name (DN). Required.

       -a, --san subjectAltName
              subjectAltName extension to include in request. Can be used multiple times.

       -p, --password password
              The challengePassword to include in the certificate request.

       -g, --digest digest
              Digest to use for signature creation. One of md5, sha1, sha224, sha256, sha384,  or
              sha512. Defaults to sha1.

       -f, --outform encoding
              Encoding  of  the  created  certificate file. Either der (ASN.1 DER) or pem (Base64
              PEM), defaults to der.


       Generate a certificate request for an RSA key, with a subjectAltName extension:

         pki --req --in key.der --dn "C=CH, O=strongSwan, CN=moon" \
              --san > req.der

       Generate a certificate request for an ECDSA key and a different digest:

         pki --req --in key.der --type ecdsa --digest sha256 \
             --dn "C=CH, O=strongSwan, CN=carol"  > req.der