| CERTPATCH(8) | System Manager's Manual | CERTPATCH(8) |
certpatch — add
subjectAltName identities to X.509 certificates
certpatch |
[-t identity-type]
-i identity
-k signing-key
input-certificate output-certificate |
certpatch alters PEM-encoded X.509
certificates by adding a subjectAltName extension containing an identity
used by the signature-based authentication schemes of the ISAKMP protocol.
After the addition the certificate will be signed once again with the
supplied CA signing key.
The options are as follows:
-t
identity-type-t option specifies the type of the
given identity. Currently ip,
fqdn, and ufqdn are
recognized. The default is ip.-i
identity-i option takes an argument which is the
identity to put into the subjectAltName field of the certificate. If the
identity-type is ip, this argument should be an
IPv4 address in dotted decimal notation.-k
signing-key-k option specifies the key used for signing
the certificate once the subjectAltName extension has been added. The key
is specified by the filename where it is stored in PEM format.| July 18, 1999 | Debian |