Provided by: isakmpd_20041012-10build1_amd64 bug


     certpatch — add subjectAltName identities to X.509 certificates


     certpatch [-t identity-type] -i identity -k signing-key input-certificate output-certificate


     certpatch alters PEM-encoded X.509 certificates by adding a subjectAltName extension
     containing an identity used by the signature-based authentication schemes of the ISAKMP
     protocol.  After the addition the certificate will be signed once again with the supplied CA
     signing key.

     The options are as follows:

     -t identity-type
             If given, the -t option specifies the type of the given identity.  Currently ip,
             fqdn, and ufqdn are recognized.  The default is ip.

     -i identity
             The -i option takes an argument which is the identity to put into the subjectAltName
             field of the certificate.  If the identity-type is ip, this argument should be an
             IPv4 address in dotted decimal notation.

     -k signing-key
             The -k option specifies the key used for signing the certificate once the
             subjectAltName extension has been added.  The key is specified by the filename where
             it is stored in PEM format.


     isakmpd(8), ssl(8)