signingclient create key
This command is for administrator users only. In a normal scenario, Entrust Certificate Services automatically manages your keys and certificates.
Generates a key pair and the corresponding CSR (Certificate Signing Request).
signingclient create key --key-type <key_type> [--csr-out <csr>] [--csr-subject <subject>] [--key-id <id>] [--key-label <label>] [--log <file>] [--password <pwd>] [--verbose]
See below for the supported options.
The command signs the CSR and, therefore, consumes one of the 10,000 licensed signatures.
--csr-out <csr>
Save the generated CSR in the <csr> file path.
Mandatory: No. When omitting this option, the command skips the CSR generation.
--csr-subject <subject>
Use <subject> as the Subject of the certificate request. Where <subject> is a full Distinguished Name (DN) or Relative Distinguished Name (RDN).
For Entrust Validation Authority to recognize the Subject, the DN attributes must be in capital letters.
For example:
CN=Example User,O=Example,C=US
CN=Example User
Mandatory
: No. When omitting this option, the Subject in the generated certificate request defaults to the following:
CN=<key_id>
Where <key_id> is the key identifier.
--key-id <id>
Set <id> as the hexadecimal key identifier.
Mandatory: No. When omitting this option, the identifier is the public key's SHA1.
--key-label <label>
Set <label> as the key label.
Mandatory: No. When omitting this option, the label is the key identifier.
--key-type <key_type>
Create a key of the <key_type> type, where <key_type> is one of the following.
RSA2048
RSA3072
RSA4096
ECDSAP256
ECDSAP384
ECDSAP521
Mandatory: Yes.
--log <file>
Record the command execution in a log file with the <file> path.
If the file does not exist, the command creates it.
If the file exists, the command appends the execution log.
Mandatory: No. When omitting this option, the command does not record a log.
--password <pwd>
Set <pwd> as the token password.
Mandatory: No. When omitting this option, the command prompts for the password value.
--verbose
Print additional error information (if any).
Mandatory: No.