Generate PKCS #10 certificate request
- Ann Base (Deactivated)
- Josefin Klang (Deactivated)
- Karolin Hemmingsson (Unlicensed)
This article is valid from CM 8.0.
This article describes the syntax for how to generate a PKCS #10 certificate request. The hwsetup command line tool, included in Nexus Certificate Manager (CM), is used.
Syntax
Syntax: Generate PKCS #10 certificate request
hwsetup -libname <pkcs11lib> [-slot <slot#>] [-pin <PIN>] [-nopinpad]
[-id <CKA_ID>] [-label <CKA_LABEL>] [-login user|so]
-genreq <subject DN>] [-file <filename>] [-keyalg <algorithm>]
[-keyusage [<names>]] [-signalg <algorithm>]Options and arguments
For a description of the options libname, slot, pin, nopinpad, and login and their arguments, see Generate DSA/EC/RSA key pair.
Options and Arguments | Description |
|---|---|
genreq <subject DN> | Use this option to create a request for issue of a certificate. Replace |
id <CKA_ID> | Use the key pair with the specified |
label <CKA_LABEL> | Use the key pair with the specified |
file <filename> | Use this option to specify the file the request shall be written to. Default: certreq.txt |
keyalg <algorithm> | Use this option to specify an OAEP or PSS algorithm for an RSA public key. For example, RSAES-OAEP, RSASSA-PSS or SHA256withRSAandMGF1. Default: RSA |
keyusage [<names>] | Use this option to create a KeyUsage extension in the certificate request. If any |
signalg <algorithm> | Use this option to specify the signature algorithm, for example, SHA384withECDSA or SHA256withRSAandMGF1. Default: SHA256withDSA, -ECDSA, -RSA |
Example
To generate a PKCS #10 certificate request and store it in the file certreq.txt:
Example: Generate PKCS #10 certificate request and store in file certreq.txt
hwsetup -libname crypto -slot 1 -pin abcd -id mykey -genreq "cn=Test, o=Nexus"Send certreq.txt to the CA so that the certificate can be issued.
Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions