Provided by: strongswan-pki_5.9.6-1ubuntu2_amd64 bug

NAME

       pki --req - Create a PKCS#10 certificate request

SYNOPSIS

       pki --req [--in file|--keyid hex] [--type type] --dn distinguished-name
                 [--san subjectAltName] [--password password] [--digest digest]
                 [--rsa-padding padding] [--outform encoding] [--debug level]

       pki --req --options file

       pki --req -h | --help

DESCRIPTION

       This sub-command of pki(1) is used to create a PKCS#10 certificate request.

OPTIONS

       -h, --help
              Print usage information with a summary of the available options.

       -v, --debug level
              Set debug level, default: 1.

       -+, --options file
              Read command line options from file.

       -i, --in file
              Private key input file. If not given the key is read from STDIN.

       -x, --keyid hex
              Smartcard  or  TPM  private  key  object  handle  in hex format with an optional 0x
              prefix.

       -t, --type type
              Type of the input key. Either priv, rsa, ecdsa or bliss, defaults to priv.

       -d, --dn distinguished-name
              Subject distinguished name (DN). Required.

       -a, --san subjectAltName
              subjectAltName extension to include in request. Can be used multiple times.

       -p, --password password
              The challengePassword to include in the certificate request.

       -g, --digest digest
              Digest to use for signature creation. One of md5, sha1, sha224, sha256, sha384,  or
              sha512.  The default is determined based on the type and size of the signature key.

       -R, --rsa-padding padding
              Padding to use for RSA signatures. Either pkcs1 or pss, defaults to pkcs1.

       -f, --outform encoding
              Encoding  of  the  created  certificate file. Either der (ASN.1 DER) or pem (Base64
              PEM), defaults to der.

EXAMPLES

       Generate a certificate request for an RSA key, with a subjectAltName extension:

         pki --req --in key.der --dn "C=CH, O=strongSwan, CN=moon" \
              --san moon@strongswan.org > req.der

       Generate a certificate request for an ECDSA key and a different digest:

         pki --req --in key.der --type ecdsa --digest sha256 \
             --dn "C=CH, O=strongSwan, CN=carol"  > req.der

SEE ALSO

       pki(1)