Provided by: isakmpd_20041012-10build1_amd64
certpatch — add subjectAltName identities to X.509 certificates
certpatch [-t identity-type] -i identity -k signing-key input-certificate output-certificate
certpatch alters PEM-encoded X.509 certificates by adding a subjectAltName extension containing an identity used by the signature-based authentication schemes of the ISAKMP protocol. After the addition the certificate will be signed once again with the supplied CA signing key. The options are as follows: -t identity-type If given, the -t option specifies the type of the given identity. Currently ip, fqdn, and ufqdn are recognized. The default is ip. -i identity The -i option takes an argument which is the identity to put into the subjectAltName field of the certificate. If the identity-type is ip, this argument should be an IPv4 address in dotted decimal notation. -k signing-key The -k option specifies the key used for signing the certificate once the subjectAltName extension has been added. The key is specified by the filename where it is stored in PEM format.