NAME    [Toc]    [Back]

     certpatch - add subjectAltName identities to X.509  certificates

SYNOPSIS    [Toc]    [Back]

     certpatch  [-t  identity-type]  -i  identity  -k signing-key
input-certificate
               output-certificate

DESCRIPTION    [Toc]    [Back]

     certpatch alters PEM-encoded X.509 certificates by adding  a
subjectAltName
 extension containing an identity used by the signaturebased authentication
 schemes of the ISAKMP protocol.  After the addition
the certificate
  will be signed once again with the supplied CA signing
key.

     The options are as follows:

     -t identity-type
             If given, the -t option specifies the  type  of  the
given identity.
             Currently  ip,  fqdn, and ufqdn are recognized.  The
default is ip.

     -i identity
             The -i option takes an argument which is the identity to put into
             the subjectAltName field of the certificate.  If the
identitytype
 is ip, this argument should be an IPv4  address
in dotted
             decimal notation.

     -k signing-key
             The -k option specifies the key used for signing the
certificate
             once the subjectAltName extension  has  been  added.
The key is
             specified  by the filename where it is stored in PEM
format.

SEE ALSO    [Toc]    [Back]

     isakmpd(8), ssl(8)

OpenBSD     3.6                           July      18,      1999