PKI --KEYID(1) strongSwan PKI --KEYID(1)NAME
pki --keyid - Calculate key identifiers of a key or certificate
SYNOPSIS
pki --keyid [--in file] [--type type] [--debug level]
pki --keyid --options file
pki --keyid -h | --help
DESCRIPTION
This sub-command of pki(1) calculates key identifiers of private keys and certificates.
OPTIONS -h, --help
Print usage information with a summary of the available options.
-v, --debug level
Set debug level, default: 1.
-+, --options file
Read command line options from file.
-i, --in file
Input file. If not given the input is read from STDIN.
-t, --type type
Type of input. One of rsa-priv (RSA private key), ecdsa-priv (ECDSA private key), pub (public key), pkcs10 (PKCS#10 certificate
request), x509 (X.509 certificate), defaults to rsa-priv.
EXAMPLES
Calculate key identifiers of an RSA private key:
pki --keyid --in key.der
subjectKeyIdentifier: 6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1...
subjectPublicKeyInfo hash: 6e:55:dc:7e:9c:a5:58:d9:5b:e3:c7:13:14:e1...
Calculate key identifiers of an X.509 certificate:
pki --keyid --in cert.der --type x509
subjectKeyIdentifier: 6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1...
subjectPublicKeyInfo hash: 6e:55:dc:7e:9c:a5:58:d9:5b:e3:c7:13:14:e1...
SEE ALSO pki(1)5.1.1 2013-07-31 PKI --KEYID(1)
Check Out this Related Man Page
PKI --SELF(1) strongSwan PKI --SELF(1)NAME
pki --self - Create a self-signed certificate
SYNOPSIS
pki --self [--in file|--keyid hex] [--type t] --dn distinguished-name [--san subjectAltName] [--lifetime days] [--serial hex] [--flag flag]
[--digest digest] [--ca] [--ocsp uri] [--pathlen len] [--nc-permitted name] [--nc-excluded name] [--policy-mapping mapping]
[--policy-explicit len] [--policy-inhibit len] [--policy-any len] [--cert-policy oid [--cps-uri uri] [--user-notice text]]
[--outform encoding] [--debug level]
pki --self --options file
pki --self -h | --help
DESCRIPTION
This sub-command of pki(1) is used to create a self-signed certificate.
OPTIONS -h, --help
Print usage information with a summary of the available options.
-v, --debug level
Set debug level, default: 1.
-+, --options file
Read command line options from file.
-i, --in file
Private key input file. If not given the key is read from STDIN.
-x, --keyid hex
Key ID of a private key on a smartcard.
-t, --type type
Type of the input key. Either rsa or ecdsa, defaults to rsa.
-d, --dn distinguished-name
Subject and issuer distinguished name (DN). Required.
-a, --san subjectAltName
subjectAltName extension to include in certificate. Can be used multiple times.
-l, --lifetime days
Days the certificate is valid, default: 1095.
-s, --serial hex
Serial number in hex. It is randomly allocated by default.
-e, --flag flag
Add extendedKeyUsage flag. One of serverAuth, clientAuth, crlSign, or ocspSigning. Can be used multiple times.
-g, --digest digest
Digest to use for signature creation. One of md5, sha1, sha224, sha256, sha384, or sha512. Defaults to sha1.
-f, --outform encoding
Encoding of the created certificate file. Either der (ASN.1 DER) or pem (Base64 PEM), defaults to der.
-b, --ca
Include CA basicConstraint extension in certificate.
-o, --ocsp uri
OCSP AuthorityInfoAccess URI to include in certificate. Can be used multiple times.
-p, --pathlen len
Set path length constraint.
-n, --nc-permitted name
Add permitted NameConstraint extension to certificate.
-N, --nc-excluded name
Add excluded NameConstraint extension to certificate.
-M, --policy-mapping issuer-oid:subject-oid
Add policyMapping from issuer to subject OID.
-E, --policy-explicit len
Add requireExplicitPolicy constraint.
-H, --policy-inhibit len
Add inhibitPolicyMapping constraint.
-A, --policy-any len
Add inhibitAnyPolicy constraint.
Certificate Policy
Multiple certificatePolicy extensions can be added. Each with the following information:
-P, --cert-policy oid
OID to include in certificatePolicy extension. Required.
-C, --cps-uri uri
Certification Practice statement URI for certificatePolicy.
-U, --user-notice text
User notice for certificatePolicy.
EXAMPLES
Generate a self-signed certificate using the given RSA key:
pki --self --in key.der --dn "C=CH, O=strongSwan, CN=moon"
--san moon.strongswan.org > cert.der
SEE ALSO pki(1)5.1.1 2013-07-31 PKI --SELF(1)