PKI REQUEST CREATE

Level

pki,modify LICENCE PKI

History

Appears in 9.0.0
keytype appears in 3.10.0

Description

Create a new certification request using the given authority configuration template. If no authority name is given, the default authority is used.
The email is mandatory for a user request. For a server request, the name must be an FQDN or an IP address.

Cache category

pki

Usage

type=<user|server|smartcard|ca>
CN=<name>
[caname=<name>]
[shortname=<name>]
[keytype=<RSA|SECP|Brainpool>]
[size=<key size>]
[C=<country>]
[ST=<state>]
[L=<locality>]
[O=<organisation>]
[OU=<unit>]
[E=<email>]
[UA=<unstructuredAddress>]
[UN=<unstructuredName>]
[S=<serial>]
[UPN=<userPrincipalName>]
[ALTNAMES=<list of ip or fqdn name separated by ;>]
[tpm=<none|ondisk>]
- none: Do not use a TPM
- ondisk: Store the private key on disk, encrypted with a symmetric key on the TPM. Requires a firewall with a TPM.
[tpmpassword=<password>]
Valid sizes are:
RSA: 768 1024 1536 2048 4096
SECP: 256 384 521
Brainpool: 256 384 512
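
A pre-flight check of a parameter set against the constraints listed above, as an added example that is not part of the original reference or of the product. The function names, the 2048-bit RSA floor (a local policy choice; the command itself accepts 768 and 1024) and the reading of "the name" as CN are assumptions.

```python
import ipaddress
import re

# Valid key sizes per key type, copied from the reference above.
VALID_SIZES = {"RSA": {768, 1024, 1536, 2048, 4096}, "SECP": {256, 384, 521},
               "Brainpool": {256, 384, 512}}
TYPES = {"user", "server", "smartcard", "ca"}
MIN_RSA_BITS = 2048  # assumed local policy floor, not enforced by the command
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_ip_or_fqdn(name):
    """True if name is an IP address or a syntactically valid dotted hostname."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        pass
    labels = name.rstrip(".").split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and not labels[-1].isdigit()  # rejects malformed IPs such as 10.0.0.999
            and all(_LABEL.match(part) for part in labels))

def check_request(params):
    """Return the list of problems in a PKI REQUEST CREATE parameter dict."""
    problems = []
    rtype, cn = params.get("type"), params.get("CN")
    if rtype not in TYPES:
        problems.append("type must be user, server, smartcard or ca")
    if not cn:
        problems.append("CN is mandatory")
    if rtype == "user" and not params.get("E"):
        problems.append("E is mandatory for a user request")
    # Assumption: "the name" in the description refers to CN.
    if rtype == "server" and cn and not is_ip_or_fqdn(cn):
        problems.append("CN must be an FQDN or an IP for a server request")
    for alt in filter(None, params.get("ALTNAMES", "").split(";")):
        if not is_ip_or_fqdn(alt):
            problems.append(f"ALTNAMES entry {alt!r} is not an IP or FQDN")
    keytype, size = params.get("keytype"), params.get("size")  # size as int
    if keytype is not None and keytype not in VALID_SIZES:
        problems.append("keytype must be RSA, SECP or Brainpool")
    elif keytype is not None and size is not None:
        if size not in VALID_SIZES[keytype]:
            problems.append(f"size {size} is not valid for {keytype}")
        elif keytype == "RSA" and size < MIN_RSA_BITS:
            problems.append(f"RSA {size} is below the policy floor of {MIN_RSA_BITS}")
    return problems

# Constructed sample: a size the command accepts but the assumed policy rejects.
SAMPLE = {"type": "server", "CN": "fw.example.test", "keytype": "RSA", "size": 1024}
```

An empty list from `check_request` means the parameter set satisfies every constraint stated on this page; it does not replace the validation the firewall performs itself.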