% tpm2_certifyX509certutil(1) tpm2-tools | General Commands Manual
tpm2_certifyX509certutil(1) - Generate partial X509 certificate.
tpm2_certifyX509certutil [OPTIONS]
tpm2_certifyX509certutil(1) - Generates a partial certificate that is suitable as the third input parameter for TPM2_certifyX509 command. The certificate data is written into a file in DER format and can be examined using openssl asn1parse tool as follows:
openssl asn1parse -in partial_cert.der -inform DERThese are the available options:
-
-o, --outcert=STRING: The output file where the certificate will be written to. The default is partial_cert.der Optional parameter.
-
-d, --days=NUMBER: The number of days the certificate will be valid starting from today. The default is 3560 (10 years) Optional parameter.
-
-i, --issuer=STRING: The ISSUER entry for the cert in the following format: --issuer="C=US;O=org;OU=Org unit;CN=cname" Supported fields are:
- C - "Country", max size = 2
- O - "Org", max size = 8
- OU - "Org Unit", max size = 8
- CN - "Common Name", max size = 8 The files need to be separated with semicolon. At list one supported field is required for the option to be valid. Optional parameter.
-
-s, --subject=STRING: The SUBJECT for the cert in the following format: --subject="C=US;O=org;OU=Org unit;CN=cname" Supported fields are:
- C - "Country", max size = 2
- O - "Org", max size = 8
- OU - "Org Unit", max size = 8
- CN - "Common Name", max size = 8 The files need to be separated with semicolon. At list one supported field is required for the option to be valid. Optional parameter.
-
ARGUMENT No arguments required.
common options collection of common options that provide information many users may expect.
tpm2 certifyX509certutil -o partial_cert.der -d 356