command_register((command_t) {
req, 'r', "req",
"create a PKCS#10 certificate request",
- {"[--in file] [--type rsa|ecdsa]",
- " --dn distinguished-name [--san subjectAltName]+",
- "[--password challengePassword]",
+ {" [--in file] [--type rsa|ecdsa] --dn distinguished-name",
+ "[--san subjectAltName]+ [--password challengePassword]",
"[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
--- /dev/null
+.TH "PKI \-\-REQ" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-req \- Create a PKCS#10 certificate request
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-req
+.OP \-\-in file
+.OP \-\-type type
+.BI \-\-dn\~ distinguished-name
+.OP \-\-san subjectAltName
+.OP \-\-password password
+.OP \-\-digest digest
+.OP \-\-outform encoding
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-req
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-req"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR ipsec\-pki (8)
+is used to create a PKCS#10 certificate request.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-i, \-\-in " file
+Private key input file. If not given the key is read from \fISTDIN\fR.
+.TP
+.BI "\-t, \-\-type " type
+Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR.
+.TP
+.BI "\-d, \-\-dn " distinguished-name
+Subject distinguished name (DN). Required.
+.TP
+.BI "\-a, \-\-san " subjectAltName
+subjectAltName extension to include in request. Can be used multiple times.
+.TP
+.BI "\-p, \-\-password " password
+The challengePassword to include in the certificate request.
+.TP
+.BI "\-g, \-\-digest " digest
+Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
+\fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. Defaults to
+\fIsha1\fR.
+.TP
+.BI "\-f, \-\-outform " encoding
+Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
+\fIpem\fR (Base64 PEM), defaults to \fIder\fR.
+.
+.SH "EXAMPLES"
+.
+Generate a certificate request for an RSA key, with a subjectAltName extension:
+.PP
+.EX
+ ipsec pki \-\-req \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\
+ \-\-san moon@strongswan.org > req.der
+.EE
+.PP
+Generate a certificate request for an ECDSA key and a different digest:
+.PP
+.EX
+ ipsec pki \-\-req \-\-in key.der \-\-type ecdsa \-\-digest sha256 \\
+ \-\-dn "C=CH, O=strongSwan, CN=carol" > req.der
+.EE
+.PP
+.
+.SH "SEE ALSO"
+.
+.BR ipsec\-pki (8)
\ No newline at end of file
projects / people / ms / strongswan.git / commitdiff
