% tpm2_certifyX509certutil(1) tpm2-tools | General Commands Manual

NAME

tpm2_certifyX509certutil(1) - Generate partial X509 certificate.

SYNOPSIS

tpm2_certifyX509certutil [OPTIONS]

DESCRIPTION

tpm2_certifyX509certutil(1) - Generates a partial certificate that is suitable as the third input parameter for TPM2_certifyX509 command. The certificate data is written into a file in DER format and can be examined using openssl asn1parse tool as follows:

openssl asn1parse -in partial_cert.der -inform DER

OPTIONS

These are the available options:

  • -o, --outcert=STRING: The output file where the certificate will be written to. The default is partial_cert.der Optional parameter.

  • -d, --days=NUMBER: The number of days the certificate will be valid starting from today. The default is 3560 (10 years) Optional parameter.

  • -i, --issuer=STRING: The ISSUER entry for the cert in the following format: --issuer="C=US;O=org;OU=Org unit;CN=cname" Supported fields are:

    • C - "Country", max size = 2
    • O - "Org", max size = 8
    • OU - "Org Unit", max size = 8
    • CN - "Common Name", max size = 8 The files need to be separated with semicolon. At list one supported field is required for the option to be valid. Optional parameter.
  • -s, --subject=STRING: The SUBJECT for the cert in the following format: --subject="C=US;O=org;OU=Org unit;CN=cname" Supported fields are:

    • C - "Country", max size = 2
    • O - "Org", max size = 8
    • OU - "Org Unit", max size = 8
    • CN - "Common Name", max size = 8 The files need to be separated with semicolon. At list one supported field is required for the option to be valid. Optional parameter.
  • ARGUMENT No arguments required.

References

common options collection of common options that provide information many users may expect.

EXAMPLES

tpm2 certifyX509certutil -o partial_cert.der -d 356

returns

footer