PKI REQUEST CREATE

Level

pki+modify LICENCE PKI

History

Appears in 9.0.0
keytype appears in 3.10.0

Description

Create a new certification request for the given authority. If no authority name is given, the default one is used.
The email is mandatory for a user request. The name must be an FQDN or an IP for a server request.
CACHE_CATEGORY pki

Usage

type=<user|server|smartcard|ca>
CN=<name>
passphrase=<pass>
[caname=<name>]
[shortname=<name>]
[keytype=<RSA|SECP|Brainpool>]
[size=<key size>]
[nbdays=<days>]
[C=<country>]
[ST=<state>]
[L=<locality>]
[O=<organisation>]
[OU=<unit>]
[E=<email>]
[UA=<unstructuredAddress>]
[UN=<unstructuredName>]
[S=<serial>]
[UPN=<userPrincipalName>]
[ALTNAMES=<list of ip or fqdn name separated by ;>]
[tpm=<none|ondisk>]
- none: Do not use a TPM.
- ondisk: Store the private key on disk, but encrypt it with a symmetric key on the TPM. Requires a firewall with a TPM.
[tpmpassword=<password>]
Valid sizes are:
RSA: 768 1024 1536 2048 4096
SECP: 256 384 521
Brainpool: 256 384 512
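
Added example (not part of the original reference or the vendor's tooling): a pre-flight check, in Python, that a provisioning script could run on the tokens before sending PKI REQUEST CREATE. It applies the constraints stated above (email for user requests, FQDN or IP for server requests, valid sizes per keytype). The 2048-bit RSA floor, the two-label FQDN rule and the helper names are assumptions of this example.

```python
import ipaddress
import re

# Sizes copied from the "Valid sizes" list above.
VALID_SIZES = {"RSA": {768, 1024, 1536, 2048, 4096},
               "SECP": {256, 384, 521}, "Brainpool": {256, 384, 512}}
VALID_TYPES = {"user", "server", "smartcard", "ca"}
MIN_RSA_BITS = 2048  # assumption: local policy floor, not enforced by the command
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def is_fqdn(value):
    # Assumption: an FQDN has at least two dot-separated LDH labels.
    labels = value.rstrip(".").split(".")
    return len(value) <= 253 and len(labels) >= 2 and all(_LABEL.match(l) for l in labels)

def check_request(params):
    """Return (errors, warnings) for a dict of PKI REQUEST CREATE tokens."""
    errors, warnings = [], []
    for key in ("type", "CN", "passphrase"):
        if not params.get(key):
            errors.append(f"missing mandatory token {key}")
    rtype, cn = params.get("type"), params.get("CN", "")
    if rtype and rtype not in VALID_TYPES:
        errors.append(f"unknown type {rtype}")
    if rtype == "user" and not params.get("E"):
        errors.append("E (email) is mandatory for a user request")
    if rtype == "server" and cn and not (is_ip(cn) or is_fqdn(cn)):
        errors.append("CN must be an FQDN or an IP for a server request")
    keytype, size = params.get("keytype"), str(params.get("size", ""))
    if keytype is not None and keytype not in VALID_SIZES:
        errors.append(f"unknown keytype {keytype}")
    elif keytype and size:  # size without keytype is skipped: the default keytype is not documented here
        bits = int(size) if size.isdigit() else None
        if bits not in VALID_SIZES[keytype]:
            errors.append(f"size {size} is not valid for {keytype}")
        elif keytype == "RSA" and bits < MIN_RSA_BITS:
            warnings.append(f"RSA {size} is below the {MIN_RSA_BITS}-bit policy floor")
    for name in filter(None, params.get("ALTNAMES", "").split(";")):
        if not (is_ip(name) or is_fqdn(name)):
            errors.append(f"ALTNAMES entry {name!r} is not an IP or FQDN")
    return errors, warnings
```

The command accepts RSA 768, 1024 and 1536; the warning exists so that automation flags those sizes instead of silently issuing requests with them.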