Synopsis
cmmakecsr [-ed Environment-directory] -sd Slot-directory -tl TokenLabel |
Description
The cmmakecsr command creates a certificate application that has the specified information and outputs it to file. If a key pair is newly created to create the application, either -kt or -kb must be specified. It is recommended to specify 2048 bits in the -kb option.
Options
-ed Environment-directory
Specify the full path of the operation management directory (Environment-directory).
If this option is omitted, the information set in the "CMIPATH" environment variable takes effect.
-sd Slot-directory
Specify the full path of the slot information directory (Slot-directory).
-tl TokenLabel
Register the existing key to be used or register a newly created key. Specify the token label (TokenLabel).
-of OutFile
Specify the full path of the application output file (OutFile).
-f {TEXT|NOHEAD|V2}
Specify the output format.
TEXT : Output is in CSR format. (default)
NOHEAD: Output is without a header.
V2 : Output is in S/MIME format with an application/pkcs10 header attached.
-c Country
Specify the country (Country).
-cn CommonName
Specify the alphanumeric name (CommonName).
-o Organization
Specify the alphanumeric organization name (Organization).
-ou OrganizationUnit
Specify the alphanumeric organization unit name (OrganizationUnit).
-ea EMailAddress
Specify the email address (EMailAddress).
-t Title
Specify the title (Title).
-tel Phone
Specify the telephone number (Phone).
-l Locality
Specify the locality name (Locality).
-s State
Specify the state name (State).
-sa {SHA1|MD5}
Specify the signature algorithm.
SHA1: Use SHA1. (default)
MD5 : Use MD5.
-kl KeyLabel
Specify the label of the key to be used (KeyLabel).
-kt RSA
If a new key is being created, specify the key type.
RSA: Creates an RSA encryption algorithm key pair. (default)
-kb {512|768|1024|2048}
If a new key is being created, specify the key length.
512: Key length is 512 bits (default)
768: Key length is 768 bits
1024: Key length is 1024 bits
2048: Key length is 2048 bits (recommended)
At present, 512 and 768 bit RSA encryption algorithm keys are no longer safe due to improvements in machine processing performance and similar, so do not use them. Also, 1024 bit key is not recommended to use. A specification of 2048 bits is recommended because key lengths are relevant to server security. If 512, 768 or 1024 bit RSA encryption algorithm keys need to be used for operational reasons, be aware of this risk.
-p UserPIN
Specify the User-PIN used to access the token. The space character cannot be specified. Note that a prompt asking for input of the User-PIN is not displayed.
This option is not displayed in "Usage" when the command is executed.
Command Location
Windows | %CommonProgramFiles%\Fujitsu Shared\F3FSSMEE |
Solaris | /opt/FJSVsmee/bin |
Linux | /opt/FJSVsmee/bin |
Linux x64 | /opt/FJSVsmee64/bin |
Cautions
For -cn, specify the Web server host name.
If either the -kt or -kb option is specified, a new key pair is created.
If the -kl option is specified, the key with the specified label is used.
Any one of the -c, -cn, -o, -ou, -ea, -t, -tel, -l, and -s options must be specified. Check with the Certificate Authority that you are asking to issue the certificate about items that must be specified.
If requesting issue of a certificate from VeriSign, Inc., select "Secure Site".
If requesting issue of a certificate from Cybertrust, Inc., select "SureServer for SSL Certificates".
