create-selfsigned-cert

Syntax

tadm create-selfsigned-cert common_options [--token=name] 
[--org-unit=org_unit] [--locality=place] [--state=name] 
[--validity=number_of_months] [--org=org] [--country=name] 
[--key-type=rsa|ecc] ([--key-size=size] | [--curve=curve_name]) 
--config=config_name --server-name=[dns_name,..] --nickname=nick_name

Description

Use this command to create a new self-signed certificate. The create-selfsigned-cert command prompts for a token password if the token is password protected. A self-signed certificate is an identity certificate that is signed by its own creator. In a typical SSL server deployment, if a particular server certificate is valid (contains correct information), it is attested by a digital signature from a Certificate Authority (CA).

Options

For information about common_options, run the help command.

--token|-t

Specify the token (cryptographic device) name, which contains the encrypted public key

--org-unit|-o

Enter a description of an organizational unit within your company.

--locality|-l

Enter a description of the city, principality, or country of the organization.

--state|-a

Specify the state or province where the business is located.

--token-pin|-P

Specify the Personal Identification Number (PIN) required to initialize the token. You can also define the token-pin in the password file.

--validity|-d

Specify the validity of the certificate.

--org|-g

Enter the official name of your company, educational institution, or organization.

--country|-y

Enter a two-character abbreviation of your country's name (in ISO format). For example, the country code for the United States is US.

--key-type|-k

Specify the type of the certificate key. The key types can be rsa or ecc. The default key type is rsa if this option is not specified.

--key-size|-z

Specify the size of the certificate key. This option is applicable only if the key-type is rsa. The key size can be 1024, 2048, or 4098. The default key size is 2048 if this option is not specified.

--curve|-r

Specify the name of the key curve. This option is applicable if you specify the key-type as ecc. The key curves can be prime256v1, secp256r1, nistp256, secp256k1, secp384r1, nistp384, secp521r1, nistp521, sect163k1, nistk163, sect163r1, sect163r2, nistb163, sect193r1, sect193r2, sect233k1, nistk233k1, nistk233, sect233r1, nistb233, sect239k1, sect283k1, nistk283, sect283r1, nistb283, sect409k1, nistk409, sect571k1, nistk571, sect571r1, nistb571, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, nistp192, secp224k1, secp224r1, nistp224, or prime192v1.

secp256r1 is considered as the default curve if this option is not specified.

--config|-c

Specify the name of the configuration for which you want to create the certificate.

--server-name|-s

Specify the host name of the server for which you are creating a self-signed certificate. This option can also be referred to as the Common Name.

--nickname|-n

Enter a short name for the certificate that you want to create.

Example

tadm create-selfsigned-cert --user=admin --port=8989 --password-file=./admin.pwd --no-prompt 
--config=www.example.org --server-name=serverhost 
--nickname=cert1

Exit Codes

The following exit values are returned:

0: command executed successfully

>0: error in executing the command

For more information about exit codes and syntax notations, run the help command.

See Also

help, install-cert, list-certs, delete-cert, get-cert-prop, create-cert-request, set-cert-trust-prop