signingclient create key


This command is for administrator users only. In a normal scenario, Entrust Certificate Services automatically manages your keys and certificates.

Generates a key pair and the corresponding CSR (Certificate Signing Request).

signingclient create key --key-type <key_type> [--csr-out <csr>] [--csr-subject <subject>] [--key-id <id>] [--key-label <label>] [--log <file>] [--password <pwd>] [--verbose]

See below for the supported options.

The command signs the CSR and, therefore, consumes one of the 10,000 licensed signatures.

--csr-out <csr>

Save the generated CSR in the <csr> file path.

Mandatory: No. When omitting this option, the command skips the CSR generation.

--csr-subject <subject>

Use <subject> as the Subject of the certificate request, where <subject> is a full Distinguished Name (DN) or Relative Distinguished Name (RDN).

For Entrust Validation Authority to recognize the Subject, the DN attributes must be in capital letters.

For example:

CN=Example User,O=Example,C=US
CN=Example User

Mandatory: No. When omitting this option, the Subject in the generated certificate request defaults to the following:

CN=<key_id>

Where <key_id> is the key identifier.

--key-id <id>

Set <id> as the hexadecimal key identifier.

Mandatory: No. When omitting this option, the identifier is the SHA-1 hash of the public key.

--key-label <label>

Set <label> as the key label.

Mandatory: No. When omitting this option, the label is the key identifier.

--key-type <key_type>

Create a key of the <key_type> type, where <key_type> is one of the following.

  • RSA2048

  • RSA3072

  • RSA4096

  • ECDSAP256

  • ECDSAP384

  • ECDSAP521

Mandatory: Yes.

--log <file>

Record the command execution in a log file with the <file> path.

  • If the file does not exist, the command creates it.

  • If the file exists, the command appends the execution log.

Mandatory: No. When omitting this option, the command does not record a log.

--password <pwd>

Set <pwd> as the token password.

Mandatory: No. When omitting this option, the command prompts for the password value.

--verbose

Print additional error information (if any).

Mandatory: No.
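
A pre-flight wrapper for this command, as an added example that is not part of the Entrust documentation. Because the command signs the CSR and consumes a licensed signature, the wrapper checks the key type and the Subject before invoking signingclient, and it omits --password so the token password is prompted for instead of appearing on the command line. The function names are hypothetical, and the Subject check assumes that "capital letters" refers to the attribute types (CN, O, C).

```shell
#!/bin/sh
# Added example; the function names are hypothetical. Only the
# signingclient options used below come from the reference above.

# Succeed only for a key type listed under --key-type.
valid_key_type() {
    case "$1" in
        RSA2048|RSA3072|RSA4096|ECDSAP256|ECDSAP384|ECDSAP521) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed when every RDN is TYPE=value with TYPE in capital letters.
# Assumption: "capital letters" applies to the attribute types (CN, O, C).
# Simplification: splits on every comma, so values with escaped commas
# and RDNs preceded by a space are rejected.
valid_subject() (
    LC_ALL=C                      # byte-wise A-Z range
    case "$1" in ''|,*|*,|*,,*) exit 1 ;; esac   # empty subject or RDN
    IFS=,
    set -f                        # no globbing while splitting
    for rdn in $1; do
        case "$rdn" in *=?*) ;; *) exit 1 ;; esac   # needs TYPE=value
        attr=${rdn%%=*}
        case "$attr" in ''|*[!A-Z]*) exit 1 ;; esac
    done
    exit 0
)

# create_key KEY_TYPE CSR_FILE SUBJECT
# Returns 2 on bad input without running signingclient. --password is
# left out on purpose so the command prompts for the token password.
create_key() {
    valid_key_type "$1" || { echo "unsupported key type: $1" >&2; return 2; }
    valid_subject "$3" || { echo "rejected subject: $3" >&2; return 2; }
    signingclient create key --key-type "$1" \
        --csr-out "$2" --csr-subject "$3"
}
```

Source the file and call, for example, create_key ECDSAP256 request.csr 'CN=Example User,O=Example,C=US'; the file name is a placeholder.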