|[Front page] [Index]|
Saves output certificates into files with the given prefix. The prefix is first appended by a number, followed by the file extension
.cafor CA certificates or
.crtfor user certificates.
Specifies the SOCKS URL if the CA is located behind a SOCKS-enabled firewall. The format of the URL is:
Uses the given HTTP proxy server to access the CA. The format of the URL is:
The usage line utilizes the following meta commands:
The pre-shared key given by the CA or RA, or a revocation password invented by the client and provided to the CA when the user wishes to revoke the certificate issued. The type and need for this depends on the PKI platform used by the CA.
An authentication password or a revocation password transferred (in encrypted format) to the CA for certification request or revocation request authorization purposes.
The subject key pair to be certified.
URL specifying the private key location. This is an external key URL whose format is specified in Section Synopsis.
The CA/RA certificates.
When performing enrollment, reads the CA certificate from the given file path.
Optionally specifies the RA encryption certificate.
Optionally specifies the RA signing certificate.
The subject name and flags to be certified.
The file containing the certificate used as the template for the operation. Values used to identify the subject are read from this, but the user may overwrite the key, key-usage flags, or subject names.
A subject name in reverse LDAP format, that is, the most general component first, and alternative subject names. The name
subject-ldapwill be copied into the request verbatim.
A typical choice would be a DN in the format
"C=US,O=SSH,CN=Some Body", but in principle this can be anything that is usable for the resulting certificate.
Requested key usage purpose code. The following codes are recognized:
help. The special keyword help lists the supported key usages which are defined in RFC 3280.
Requested extended key usage code. The following codes, in addition to user-specified dotted OID values are recognized:
Specifies the CA's address in URL format. If the host address is an IPv6 address, it must be enclosed in brackets (
Specifies the destination CA name.
[Front page] [Index]