[kmf-discuss] signing/verifying certificates with pktool(1)
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Tue Jan 8 13:26:51 PST 2008
Huie-Ying Lee wrote:
> Wyllys Ingersoll wrote:
>> Jan Pechanec wrote:
>>> On Mon, 7 Jan 2008, Wyllys Ingersoll wrote:
>>>
>>>
>>>> However, if all you want is the ability to sign a CSR with a
>>>> particular
>>>> certificate, we could probably add just that feature to pktool.
>>>> File an
>>>> RFE and I'm sure we can take a closer look at it, but I think it
>>>> should be
>>>> fairly straightforward.
>>>>
>>> done:
>>>
>>> 6648052 pktool(1) could allow certificate signing and verification
>>>
>>> thanks, J.
>>>
>>>
>>
>> Thanks! I will look into this. I think we will need to add new
>> commands
>> to pktool and get them ARC approved since it is a new interface.
>>
>> I'm thinking of something like:
>>
>> pktool signcsr
>> [keystore=pkcs11|file|nss]
>> signkey=label/filename of signing key (label if keystore=PKCS11 or
>> NSS, filename if file)
>> csr=CSR filename
>> serial=serial number hex string
>> outcert=filename for resulting certificate.
>> outformat=pem|der
>>
>
> Looks good. I would like to sugggest to change the outformat augument
> to be optional
> with "pem" as the default outformat.
Agree - PEM is the default.
-Wyllys
More information about the kmf-discuss
mailing list