tadm create-selfsigned-cert common_options [--token=name] [--org-unit=org_unit] [--locality=place] [--state=name] [--validity=number_of_months] [--org=org] [--country=name] [--key-type=rsa|ecc] ([--key-size=size] | [--curve=curve_name]) --config=config_name --server-name=[dns_name,..] --nickname=nick_name
Use this command to create a new self-signed certificate. The create-selfsigned-cert
command prompts for a token password if the token is password protected. A self-signed certificate is an identity certificate that is signed by its own creator. In a typical SSL server deployment, if a particular server certificate is valid (contains correct information), it is attested by a digital signature from a Certificate Authority (CA).
For information about common_options
, run the help command.
--token|-t
Specify the token (cryptographic device) name, which contains the encrypted public key
--org-unit|-o
Enter a description of an organizational unit within your company.
--locality|-l
Enter a description of the city, principality, or country of the organization.
--state|-a
Specify the state or province where the business is located.
--token-pin|-P
Specify the Personal Identification Number (PIN) required to initialize the token. You can also define the token-pin
in the password file.
--validity|-d
Specify the validity of the certificate.
--org|-g
Enter the official name of your company, educational institution, or organization.
--country|-y
Enter a two-character abbreviation of your country's name (in ISO format). For example, the country code for the United States is US
.
--key-type|-k
Specify the type of the certificate key. The key types can be rsa
or ecc
. The default key type is rsa
if this option is not specified.
--key-size|-z
Specify the size of the certificate key. This option is applicable only if the key-type
is rsa
. The key size can be 1024
, 2048
, or 4098
. The default key size is 2048
if this option is not specified.
--curve|-r
Specify the name of the key curve. This option is applicable if you specify the key-type
as ecc
. The key curves can be prime256v1
, secp256r1
, nistp256
, secp256k1
, secp384r1
, nistp384
, secp521r1
, nistp521
, sect163k1
, nistk163
, sect163r1
, sect163r2
, nistb163
, sect193r1
, sect193r2
, sect233k1
, nistk233k1
, nistk233
, sect233r1
, nistb233
, sect239k1
, sect283k1
, nistk283
, sect283r1
, nistb283
, sect409k1
, nistk409
, sect571k1
, nistk571
, sect571r1
, nistb571
, secp160k1
, secp160r1
, secp160r2
, secp192k1
, secp192r1
, nistp192
, secp224k1
, secp224r1
, nistp224
, or prime192v1
.
secp256r1
is considered as the default curve if this option is not specified.
--config|-c
Specify the name of the configuration for which you want to create the certificate.
--server-name|-s
Specify the host name of the server for which you are creating a self-signed certificate. This option can also be referred to as the Common Name.
--nickname|-n
Enter a short name for the certificate that you want to create.
tadm create-selfsigned-cert --user=admin --port=8989 --password-file=./admin.pwd --no-prompt --config=www.example.org --server-name=serverhost --nickname=cert1
The following exit values are returned:
0: command executed successfully
>0: error in executing the command
For more information about exit codes and syntax notations, run the help command.