PKI CERTIFICATE CREATE
Level
pki+modify LICENCE PKI
History
Appears in 9.0.0
tpm, tpmpassword, keytype appear in 3.10.0
Description
Create a new certificate. You must have the authority's private key.
For a server certificate, the CN must be a FQDN.
For a user certificate, you must specify an email address (E).
For a smartcard certificate, you must specify an email address, and the CRLDP (CRL distribution point) of the authority must already be defined.
You can also specify the UPN (UserPrincipalName) used to log in to Windows environments.
If no authority name (caname) is given, the default authority is used.
CACHE_CATEGORY
pki
Example
PKI CERTIFICATE CREATE type=smartcard CN="John Doe" passphrase="secret" E=j.doe@company.com UPN="john.doe@COMPANY.DOMAIN"
PKI CERTIFICATE CREATE type=server CN="www.companie.com" passphrase="secret" ALTNAMES="*.companie.com;companie.com;12.34.56.78;98.76.54.32"
Usage
type=<user|server|smartcard>
CN=<name>
passphrase=<pass>
[caname=<name>]
[shortname=<name>]
[keytype=<RSA|SECP|Brainpool>]
[size=<key size>]
[nbdays=<days>]
[C=<country>]
[ST=<state>]
[L=<locality>]
[O=<organisation>]
[OU=<unit>]
[E=<email>]
[UA=<unstructuredAddress>]
[UN=<unstructuredName>]
[S=<serial>]
[UPN=<userPrincipalName>]
[ALTNAMES=<list of IP addresses or FQDNs separated by ;>]
[tpm=<none|ondisk>]
- none: Do not use a TPM
- ondisk: Store the private key on disk, encrypted with a symmetric key held by the TPM. Requires a firewall with a TPM.
[tpmpassword=<password>]
Valid sizes are:
RSA: 768 1024 1536 2048 4096
SECP: 256 384 521
Brainpool: 256 384 512
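As an added example (not part of this reference page or of the firewall's own code), the Python script below parses a PKI CERTIFICATE CREATE line and checks it against the rules stated above: mandatory parameters, a FQDN CN for server certificates, an email for user and smartcard certificates, a defined authority CRLDP for smartcard certificates, the valid key sizes per key type, and ALTNAMES entries that are either IP addresses or FQDNs. The RSA default for an omitted keytype and the FQDN pattern are assumptions, as is the authority_has_crldp flag standing in for the authority's configuration.

```python
import ipaddress
import re
import shlex

# Valid key sizes per key type, taken from the command's usage text.
VALID_SIZES = {"RSA": {768, 1024, 1536, 2048, 4096},
               "SECP": {256, 384, 521}, "Brainpool": {256, 384, 512}}
# ASSUMPTION: FQDN pattern for CN and ALTNAMES entries; a leading "*." wildcard label is allowed.
FQDN_RE = re.compile(r"^(?=.{1,253}$)(\*\.)?([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)

def parse_command(line):
    """Split a 'PKI CERTIFICATE CREATE key=value ...' line into a dict (double quotes are honoured)."""
    tokens = shlex.split(line)
    if [t.upper() for t in tokens[:3]] != ["PKI", "CERTIFICATE", "CREATE"]:
        raise ValueError("not a PKI CERTIFICATE CREATE command")
    params = {}
    for tok in tokens[3:]:
        key, sep, value = tok.partition("=")
        if not sep:
            raise ValueError(f"malformed argument: {tok!r}")
        params[key] = value
    return params

def check_params(params, authority_has_crldp):
    """Return the list of rule violations; an empty list means the request is acceptable."""
    errors = [f"missing mandatory parameter {k}" for k in ("type", "CN", "passphrase") if k not in params]
    ctype = params.get("type")
    if ctype not in ("user", "server", "smartcard"):
        errors.append(f"unknown type {ctype!r}")
    if ctype == "server" and not FQDN_RE.match(params.get("CN", "")):
        errors.append("server certificate: CN must be a FQDN")
    if ctype in ("user", "smartcard") and "@" not in params.get("E", ""):
        errors.append(f"{ctype} certificate: E=<email> is required")
    if ctype == "smartcard" and not authority_has_crldp:
        errors.append("smartcard certificate: the authority has no CRLDP defined")
    keytype = params.get("keytype", "RSA")  # ASSUMPTION: RSA is the default key type
    size = params.get("size")
    if keytype not in VALID_SIZES:
        errors.append(f"unknown keytype {keytype!r}")
    elif size is not None and (not size.isdigit() or int(size) not in VALID_SIZES[keytype]):
        errors.append(f"size {size} is not valid for {keytype}")
    for name in filter(None, params.get("ALTNAMES", "").split(";")):
        try:
            ipaddress.ip_address(name)  # accepts IPv4 and IPv6 literals
        except ValueError:
            if not FQDN_RE.match(name):
                errors.append(f"ALTNAMES entry {name!r} is neither an IP address nor a FQDN")
    return errors
```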