| nethsm-key-csr(1) | General Commands Manual | nethsm-key-csr(1) |
NAME
nethsm-key-csr - Get a Certificate Signing Request for a key
SYNOPSIS
nethsm key csr [-f|--force] [-o|--output] [-a|--auth-passphrase-file] [-c|--config] [-l|--label] [-u|--user] [-h|--help] <KEY_ID> <COMMON_NAME> [ORG_NAME] [ORG_UNIT] [LOCALITY] [STATE] [COUNTRY] [EMAIL]
DESCRIPTION
Get a Certificate Signing Request for a key
The PKCS#10 Certificate Signing Request (CSR) is returned in Privacy-enhanced Electronic Mail (PEM) format. Unless a specific output file is chosen, the certificate is returned on stdout.
At a minimum, the "Common Name" (CN) attribute for the CSR has to be provided.
System-wide users in the "Administrator" or "Operator" role can only create CSRs for system-wide keys. Namespaced users in the "Administrator" or "Operator" role can only create CSRs for keys in their own namespace.
Requires authentication of a user in the "Administrator" or "Operator" role (with access to the key - see "nethsm key tag" and "nethsm user tag").
OPTIONS
- -f, --force
- Write to output file even if it exists already
- -o, --output <OUTPUT>
- The optional path to a specific output file
- -a, --auth-passphrase-file <AUTH_PASSPHRASE_FILE>
- The path to a file containing a passphrase for authentication
The passphrase provided in the file must be the one for the user chosen for the command.
This option can be provided multiple times, which is needed for commands that require multiple roles at once. With multiple passphrase files ordering matters, as the files are assigned to the respective user provided by the "--user" option.
- -c, --config <CONFIG>
- The path to a custom configuration file
If specified, the custom configuration file is used instead of the default configuration file location.
- -l, --label <LABEL>
- A label uniquely identifying a device in the configuration file
Must be provided if more than one device is setup in the configuration file.
- -u, --user <USER>
- A user name which is used for a command
Can be provided, if no user name is setup in the configuration file for a device. Must be provided, if several user names of the same target role are setup in the configuration file for a device.
This option can be provided multiple times, which is needed for commands that require multiple roles at once.
- -h, --help
- Print help (see a summary with '-h')
- <KEY_ID>
- The key ID for which to create a CSR
- <COMMON_NAME>
- The mandatory "Common Name" (CN) attribute for the CSR
A fully qualified domain name (FQDN) that should be secured using the CSR.
- [ORG_NAME]
- The optional "Organization Name" (O) attribute for the CSR
Usually the legal name of a company or entity and should include any suffixes such as Ltd., Inc., or Corp.
- [ORG_UNIT]
- The optional "Organizational Unit" (OU) attribute for the CSR
Internal organization department/division name.
- [LOCALITY]
- The optional "Locality" (L) attribute for the CSR
Name of town, city, village, etc.
- [STATE]
- The optional "State" (ST) attribute for the CSR
Province, region, county or state.
- [COUNTRY]
- The optional "Country" (C) attribute for the CSR
The two-letter ISO code for the country where the "Organization" (O) is located.
- [EMAIL]
- The optional "Email Address" (EMAIL) attribute for the CSR
The organization contact, usually of the certificate administrator or IT department.
| nethsm-key-csr |