.ie \n(.g .ds Aq \(aq .el .ds Aq ' .TH nethsm-config-get-tls-csr 1 "nethsm-config-get-tls-csr " .SH NAME nethsm\-config\-get\-tls\-csr \- Get a Certificate Signing Request for the TLS certificate .SH SYNOPSIS \fBnethsm config get tls\-csr\fR [\fB\-f\fR|\fB\-\-force\fR] [\fB\-o\fR|\fB\-\-output\fR] [\fB\-a\fR|\fB\-\-auth\-passphrase\-file\fR] [\fB\-c\fR|\fB\-\-config\fR] [\fB\-l\fR|\fB\-\-label\fR] [\fB\-u\fR|\fB\-\-user\fR] [\fB\-h\fR|\fB\-\-help\fR] <\fICOMMON_NAME\fR> [\fIORG_NAME\fR] [\fIORG_UNIT\fR] [\fILOCALITY\fR] [\fISTATE\fR] [\fICOUNTRY\fR] [\fIEMAIL\fR] .SH DESCRIPTION Get a Certificate Signing Request for the TLS certificate .PP The PKCS#10 Certificate Signing Request (CSR) is returned in Privacy\-enhanced Electronic Mail (PEM) format. Unless a specific output file is chosen, the certificate is returned on stdout. .PP At a minimum, the "Common Name" (CN) attribute for the CSR has to be provided. .PP Requires authentication of a system\-wide user in the "Administrator" role. .SH OPTIONS .TP \fB\-f\fR, \fB\-\-force\fR Write to output file even if it exists already .RS May also be specified with the \fBNETHSM_FORCE\fR environment variable. .RE .TP \fB\-o\fR, \fB\-\-output\fR=\fIOUTPUT\fR The optional path to a specific file that the certificate is written to .RS May also be specified with the \fBNETHSM_CONFIG_TLS_CSR_OUTPUT_FILE\fR environment variable. .RE .TP \fB\-a\fR, \fB\-\-auth\-passphrase\-file\fR=\fIAUTH_PASSPHRASE_FILE\fR The path to a file containing a passphrase for authentication The passphrase provided in the file must be the one for the user chosen for the command. This option can be provided multiple times, which is needed for commands that require multiple roles at once. With multiple passphrase files ordering matters, as the files are assigned to the respective user provided by the "\-\-user" option. .RS May also be specified with the \fBNETHSM_AUTH_PASSPHRASE_FILE\fR environment variable. .RE .TP \fB\-c\fR, \fB\-\-config\fR=\fICONFIG\fR The path to a custom configuration file If specified, the custom configuration file is used instead of the default configuration file location. .RS May also be specified with the \fBNETHSM_CONFIG\fR environment variable. .RE .TP \fB\-l\fR, \fB\-\-label\fR=\fILABEL\fR A label uniquely identifying a device in the configuration file Must be provided if more than one device is setup in the configuration file. .RS May also be specified with the \fBNETHSM_LABEL\fR environment variable. .RE .TP \fB\-u\fR, \fB\-\-user\fR=\fIUSER\fR A user name which is used for a command Can be provided, if no user name is setup in the configuration file for a device. Must be provided, if several user names of the same target role are setup in the configuration file for a device. This option can be provided multiple times, which is needed for commands that require multiple roles at once. .RS May also be specified with the \fBNETHSM_USER\fR environment variable. .RE .TP \fB\-h\fR, \fB\-\-help\fR Print help (see a summary with \*(Aq\-h\*(Aq) .TP <\fICOMMON_NAME\fR> The mandatory "Common Name" (CN) attribute for the CSR A fully qualified domain name (FQDN) that should be secured using the CSR. .RS May also be specified with the \fBNETHSM_TLS_CSR_COMMON_NAME\fR environment variable. .RE .TP [\fIORG_NAME\fR] The optional "Organization Name" (O) attribute for the CSR Usually the legal name of a company or entity and should include any suffixes such as Ltd., Inc., or Corp. .RS May also be specified with the \fBNETHSM_TLS_CSR_ORG_NAME\fR environment variable. .RE .TP [\fIORG_UNIT\fR] The optional "Organizational Unit" (OU) attribute for the CSR Internal organization department/division name. .RS May also be specified with the \fBNETHSM_TLS_CSR_ORG_UNIT\fR environment variable. .RE .TP [\fILOCALITY\fR] The optional "Locality" (L) attribute for the CSR Name of town, city, village, etc. .RS May also be specified with the \fBNETHSM_TLS_CSR_LOCALITY\fR environment variable. .RE .TP [\fISTATE\fR] The optional "State" (ST) attribute for the CSR Province, region, county or state. .RS May also be specified with the \fBNETHSM_TLS_CSR_STATE\fR environment variable. .RE .TP [\fICOUNTRY\fR] The optional "Country" (C) attribute for the CSR The two\-letter ISO code for the country where the "Organization" (O) is located. .RS May also be specified with the \fBNETHSM_TLS_CSR_COUNTRY\fR environment variable. .RE .TP [\fIEMAIL\fR] The optional "Email Address" (EMAIL) attribute for the CSR The organization contact, usually of the certificate administrator or IT department. .RS May also be specified with the \fBNETHSM_TLS_CSR_EMAIL\fR environment variable. .RE