create-cert-request

Syntax

tadm create-cert-request common_options [--key-type=rsa|ecc] ([--key-size=size] | [--curve=curve_name]) [--org=org] 
[--org-unit=org_unit] [--locality=place] [--state=name] 
[--country=name] --config=config_name --token=name 

--server-name=[dns_name,..]

Description

Use this command to create a new certificate request. A certificate consists of digital data that specifies the name of an individual, company, or other entity, and certifies that the public key included in the certificate belongs to that entity. Both clients and servers can have certificates.

A certificate is issued and digitally signed by a (CA) Certificate Authority. The CA can be a company that sells certificates over the Internet, or it can be a department responsible for issuing certificates for your company's intranet or extranet. You decide which CAs you trust enough to serve as verifiers of other user's identities. The create-cert-request command prompts for a token password if the token is password protected.

When you choose the key-size as rsa, specify the key size. When you choose the key-type as ecc, specify the name for the curve. The key-size and curve options in the command are mutually exclusive.

Options

For information about common_options, run the help command.

--key-type|-k

Specify the type of the certificate key. The key types can be rsa or ecc, where:

rsa is an internet encryption and authentication system using public and private keys.

ecc (elliptic curve cryptography) is a public key encryption technique. It is based on the elliptic curve theory that enables security with smaller key sizes. This results in faster computations, lower power consumption, as well as memory and bandwidth savings

--key-size|-z: Specify the size of the certificate key. This option is applicable if you choose the key-type as rsa. The key size can be 1024, 2048, or 4098.

--curve|-r: Specify the name of the curve. This option is applicable if you choose the key-type as ecc.

--org|-g: Specify the name of your organization, company, or educational institution.

--org-unit|-o: Enter a description of an organizational unit within your company.
--locality|-l: Enter a description of the city, principality, or country of the organization.
--state|-a: Specify the state or province where your organization is located.
--country|-y: Specify a two-character abbreviation of your country's name (in ISO format). For example, the country code for the United States is US.
--config|-c: Specify the name of the configuration for which you want to create the certificate.
--token|-t: Specify the token (cryptographic device) name, which contains the encrypted public key.
--server-name|-s: Specify the host name of the server for which you are requesting a certificate from the CA.

Note:

The property server-name enables you to specify multiple values, with each value enclosed in quotes and separated by commas.

Example

When you choose key-type as rsa

tadm create-cert-request --user=admin --host=admin.example.com 
--password-file=./admin.passwd --port=8989 
--no-prompt --key-size=2048 --org=ora --country=IN 
--locality=abc --config=www.example.org --token=internal --server-name=config1.org

When you choose key-type as ecc

tadm create-cert-request --user=admin --host=admin.example.com 
--password-file=./admin.passwd --port=8989 
--no-prompt --curve=certificate_manager --org=ora --country=IN 
--locality=abc --config=www.example.org --token=internal 
--server-name=config2.org

Exit Codes

The following exit values are returned:

0: command executed successfully

>0: error in executing the command

For more information about exit codes and syntax notations, run the help command.