[kmf-discuss] signing/verifying certificates with pktool(1)
Darren J Moffat
Darren.Moffat at Sun.COM
Tue Jan 8 06:20:59 PST 2008
Wyllys Ingersoll wrote:
> Thanks! I will look into this. I think we will need to add new commands
> to pktool and get them ARC approved since it is a new interface.
>
> I'm thinking of something like:
>
> pktool signcsr
> [keystore=pkcs11|file|nss]
> signkey=label/filename of signing key (label if keystore=PKCS11 or
> NSS, filename if file)
> csr=CSR filename
> serial=serial number hex string
> outcert=filename for resulting certificate.
> outformat=pem|der
I think it would be useful to be able to override some of the things in
the CSR: subject, altname, keyusage, lifetime.
--
Darren J Moffat
More information about the kmf-discuss
mailing list