Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Current »

This article is valid from CM 8.0.

This article describes the syntax for how to generate a PKCS #10 certificate request. The hwsetup command line tool, included in Nexus Certificate Manager (CM), is used.

Syntax

Syntax: Generate PKCS #10 certificate request
hwsetup -libname <pkcs11lib> [-slot <slot#>] [-pin <PIN>] [-nopinpad]
[-id <CKA_ID>] [-label <CKA_LABEL>] [-login user|so]
-genreq <subject DN>] [-file <filename>] [-keyalg <algorithm>]
[-keyusage [<names>]] [-signalg <algorithm>]

Options and arguments

For a description of the options libnameslotpin, nopinpad, and login and their arguments, see Generate DSA/EC/RSA key pair.

Options and ArgumentsDescription
genreq <subject DN> Use this option to create a request for issue of a certificate. Replace <subject DN> with the subject distinguished name in RFC2253 format, for the certificate. Use either the id or label option to specify the key pair for the certificate request.
id <CKA_ID>Use the key pair with the specified CKA_ID value.
label <CKA_LABEL>Use the key pair with the specified CKA_LABEL value.
file <filename> Use this option to specify the file the request shall be written to. Default: certreq.txt
keyalg <algorithm>Use this option to specify an OAEP or PSS algorithm for an RSA public key. For example, RSAES-OAEP, RSASSA-PSS or SHA256withRSAandMGF1. Default: RSA
keyusage [<names>]Use this option to create a KeyUsage extension in the certificate request. If any <names> are not specified, the operation attributes of the public key are used to create the extension. The following, comma separated, names can be used: digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, encipherOnly, decipherOnly. Default: extension not created
signalg <algorithm>Use this option to specify the signature algorithm, for example, SHA384withECDSA or SHA256withRSAandMGF1. Default: SHA256withDSA, -ECDSA, -RSA

Example

To generate a PKCS #10 certificate request and store it in the file certreq.txt:

Example: Generate PKCS #10 certificate request and store in file certreq.txt
hwsetup -libname crypto -slot 1 -pin abcd -id mykey -genreq "cn=Test, o=Nexus"

Send certreq.txt to the CA so that the certificate can be issued.

  • No labels

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions