This command is for administrator users only. In a normal scenario, Entrust Certificate Services automatically manages your keys and certificates.

Generates a key pair and the corresponding CSR (Certificate Signing Request).

signingclient create key --key-type <key_type> [--csr-out <csr>] [--csr-subject <subject>] [--key-id <id>] [--key-label <label>] [--log <file>] [--password <pwd>] [--verbose]

See below for the supported options.

The command signs the CSR and, therefore, consumes one of the 10,000 licensed signatures.

--csr-out <csr>

Save the generated CSR in the <csr> file path.

Mandatory: No. When omitting this option, the command skips the CSR generation.

--csr-subject <subject>

Use <subject> as the Subject of the certificate request, where <subject> is a full Distinguished Name (DN) or a Relative Distinguished Name (RDN).

For Entrust Validation Authority to recognize the Subject, the DN attributes must be in capital letters.

For example:

CN=Example User,O=Example,C=US
CN=Example User

Mandatory: No. When omitting this option, the Subject in the generated certificate request defaults to the following:

CN=<key_id>

Where <key_id> is the key identifier.

--key-id <id> 

Set <id> as the hexadecimal key identifier.

Mandatory: No. When omitting this option, the identifier is the SHA-1 hash of the public key.

--key-label <label>

Set <label> as the key label.

Mandatory: No. When omitting this option, the label is the key identifier.

--key-type <key_type>

Create a key of the <key_type> type, where <key_type> is one of the following:

  • RSA2048
  • RSA3072
  • RSA4096
  • ECDSAP256
  • ECDSAP384
  • ECDSAP521

Mandatory: Yes.

--log <file>

Record the command execution in a log file with the <file> path. 

  • If the file does not exist, the command creates it.
  • If the file exists, the command appends the execution log.

Mandatory: No. When omitting this option, the command does not record a log.

--password <pwd>

Set <pwd> as the token password.

Mandatory: No. When omitting this option, the command prompts for the password value.

--verbose

Print additional error information (if any).

Mandatory: No.
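
The following wrapper is an added example, not part of Entrust's documentation or tooling. It checks the key type, the capital-letter DN attributes and the hexadecimal key identifier described above before calling signingclient, so that a malformed request does not use up a licensed signature. The SIGNINGCLIENT variable and the function names are hypothetical, and subject values are assumed to contain no commas.

```shell
#!/bin/sh
# Added example: pre-flight checks before "signingclient create key".
# SIGNINGCLIENT (path override) and the function names are hypothetical.

# Only the key types listed on this page are accepted.
valid_key_type() {
  case "$1" in
    RSA2048|RSA3072|RSA4096|ECDSAP256|ECDSAP384|ECDSAP521) return 0 ;;
    *) return 1 ;;
  esac
}

# Each RDN must read ATTR=value with ATTR in capital letters.
# Assumption: values contain no commas, escaped or otherwise.
valid_subject() (
  rdn='[[:upper:]][[:upper:][:digit:]]*=[^,]+'
  nl='
'
  case "$1" in *"$nl"*) exit 1 ;; esac   # grep matches per line; reject multi-line input
  printf '%s\n' "$1" | grep -Eq "^${rdn}(, ?${rdn})*\$"
)

# --key-id takes a hexadecimal identifier.
valid_key_id() {
  case "$1" in
    ''|*[!0-9A-Fa-f]*) return 1 ;;
  esac
}

# Usage: create_key <key_type> <csr_out> [<subject>] [<key_id>]
create_key() (
  key_type=$1 csr_out=$2 subject=${3-} key_id=${4-}
  valid_key_type "$key_type" || { echo "unsupported key type: $key_type" >&2; exit 2; }
  set -- create key --key-type "$key_type" --csr-out "$csr_out"
  if [ -n "$subject" ]; then
    valid_subject "$subject" || { echo "rejected subject: $subject" >&2; exit 2; }
    set -- "$@" --csr-subject "$subject"
  fi
  if [ -n "$key_id" ]; then
    valid_key_id "$key_id" || { echo "key id is not hexadecimal: $key_id" >&2; exit 2; }
    set -- "$@" --key-id "$key_id"
  fi
  # --password is left out so the command prompts for it, which keeps the
  # token password out of shell history and the process list.
  "${SIGNINGCLIENT:-signingclient}" "$@"
)
```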