.\" Automatically generated by Pandoc 2.9.2.1
.\"
.TH "tpm2_certifyX509certutil" "1" "" "tpm2-tools" "General Commands Manual"
.hy
.SH NAME
.PP
\f[B]tpm2_certifyX509certutil\f[R](1) - Generate partial X509
certificate.
.SH SYNOPSIS
.PP
\f[B]tpm2_certifyX509certutil\f[R] [\f[I]OPTIONS\f[R]]
.SH DESCRIPTION
.PP
\f[B]tpm2_certifyX509certutil\f[R](1) - Generates a partial certificate
that is suitable as the third input parameter for TPM2_certifyX509
command.
The certificate data is written into a file in DER format and can be
examined using openssl asn1parse tool as follows:
.IP
.nf
\f[C]
openssl asn1parse -in partial_cert.der -inform DER
\f[R]
.fi
.SH OPTIONS
.PP
These are the available options:
.IP \[bu] 2
\f[B]-o\f[R], \f[B]--outcert\f[R]=\f[I]STRING\f[R]: The output file
where the certificate will be written to.
The default is partial_cert.der Optional parameter.
.IP \[bu] 2
\f[B]-d\f[R], \f[B]--days\f[R]=\f[I]NUMBER\f[R]: The number of days the
certificate will be valid starting from today.
The default is 3560 (10 years) Optional parameter.
.IP \[bu] 2
\f[B]-i\f[R], \f[B]--issuer\f[R]=\f[I]STRING\f[R]: The ISSUER entry for
the cert in the following format: \[en]issuer=\[lq]C=US;O=org;OU=Org
unit;CN=cname\[rq] Supported fields are:
.RS 2
.IP \[bu] 2
C - \[lq]Country\[rq], max size = 2
.IP \[bu] 2
O - \[lq]Org\[rq], max size = 8
.IP \[bu] 2
OU - \[lq]Org Unit\[rq], max size = 8
.IP \[bu] 2
CN - \[lq]Common Name\[rq], max size = 8 The files need to be separated
with semicolon.
At list one supported field is required for the option to be valid.
Optional parameter.
.RE
.IP \[bu] 2
\f[B]-s\f[R], \f[B]--subject\f[R]=\f[I]STRING\f[R]: The SUBJECT for the
cert in the following format: \[en]subject=\[lq]C=US;O=org;OU=Org
unit;CN=cname\[rq] Supported fields are:
.RS 2
.IP \[bu] 2
C - \[lq]Country\[rq], max size = 2
.IP \[bu] 2
O - \[lq]Org\[rq], max size = 8
.IP \[bu] 2
OU - \[lq]Org Unit\[rq], max size = 8
.IP \[bu] 2
CN - \[lq]Common Name\[rq], max size = 8 The files need to be separated
with semicolon.
At list one supported field is required for the option to be valid.
Optional parameter.
.RE
.IP \[bu] 2
\f[B]ARGUMENT\f[R] No arguments required.
.SS References
.SH COMMON OPTIONS
.PP
This collection of options are common to many programs and provide
information that many users may expect.
.IP \[bu] 2
\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage.
By default, it attempts to invoke the manpager for the tool, however, on
failure will output a short tool summary.
This is the same behavior if the \[lq]man\[rq] option argument is
specified, however if explicit \[lq]man\[rq] is requested, the tool will
provide errors from man on stderr.
If the \[lq]no-man\[rq] option if specified, or the manpager fails, the
short options will be output to stdout.
.RS 2
.PP
To successfully use the manpages feature requires the manpages to be
installed or on \f[I]MANPATH\f[R], See man(1) for more details.
.RE
.IP \[bu] 2
\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this
tool, supported tctis and exit.
.IP \[bu] 2
\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the
tool prints to the console during its execution.
When using this option the file and line number are printed.
.IP \[bu] 2
\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout.
.IP \[bu] 2
\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of
errata fixups.
Useful if an errata fixup needs to be applied to commands sent to the
TPM.
Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent.
information many users may expect.
.SH EXAMPLES
.IP
.nf
\f[C]
tpm2 certifyX509certutil -o partial_cert.der -d 356
\f[R]
.fi
.SH Returns
.PP
Tools can return any of the following codes:
.IP \[bu] 2
0 - Success.
.IP \[bu] 2
1 - General non-specific error.
.IP \[bu] 2
2 - Options handling error.
.IP \[bu] 2
3 - Authentication error.
.IP \[bu] 2
4 - TCTI related error.
.IP \[bu] 2
5 - Non supported scheme.
Applicable to tpm2_testparams.
.SH BUGS
.PP
Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)
.SH HELP
.PP
See the Mailing
List (https://lists.linuxfoundation.org/mailman/listinfo/tpm2)