tpm2_certifyX509certutil [OPTIONS]
tpm2_certifyX509certutil(1) - Generates a partial
certificate that is suitable as the third input parameter for the
TPM2_certifyX509 command. The certificate data is written to a file in DER
format and can be examined using the openssl asn1parse tool as follows:
openssl asn1parse -in partial_cert.der -inform DER
These are the available options:
- -o, --outcert=STRING: The output file where the certificate will be written. The default is partial_cert.der. Optional parameter.
- -d, --days=NUMBER: The number of days the certificate will be valid, starting from today. The default is 3560 (10 years). Optional parameter.
- -i, --issuer=STRING: The ISSUER entry for the cert in the following format: --issuer="C=US;O=org;OU=Org unit;CN=cname". Supported fields are:
  - C - “Country”, max size = 2
  - O - “Org”, max size = 8
  - OU - “Org Unit”, max size = 8
  - CN - “Common Name”, max size = 8
  The fields need to be separated with semicolons. At least one supported field is required for the option to be valid. Optional parameter.
- -s, --subject=STRING: The SUBJECT for the cert in the following format: --subject="C=US;O=org;OU=Org unit;CN=cname". Supported fields are:
  - C - “Country”, max size = 2
  - O - “Org”, max size = 8
  - OU - “Org Unit”, max size = 8
  - CN - “Common Name”, max size = 8
  The fields need to be separated with semicolons. At least one supported field is required for the option to be valid. Optional parameter.
- ARGUMENT No arguments required.
This collection of options are common to many programs and provide
information that many users may expect.
- -h, --help=[man|no-man]: Display the tool's manpage. By default, it attempts to invoke the manpager for the tool; on failure, it outputs a short tool summary. The behavior is the same if the “man” option argument is specified, except that when “man” is requested explicitly, the tool reports errors from man on stderr. If the “no-man” option is specified, or the manpager fails, the short options are output to stdout.
  Using the manpages feature requires the manpages to be installed or on MANPATH. See man(1) for more details.
- -v, --version: Display version information for this tool and the supported TCTIs, then exit.
- -V, --verbose: Increase the information that the tool prints to the console during its execution. When using this option the file and line number are printed.
- -Q, --quiet: Silence normal tool output to stdout.
- -Z, --enable-errata: Enable the application of errata fixups. Useful if an errata fixup needs to be applied to commands sent to the TPM. Defining the environment variable TPM2TOOLS_ENABLE_ERRATA is equivalent.
tpm2 certifyX509certutil -o partial_cert.der -d 356
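A pre-flight check for --issuer and --subject values against the field names and max sizes listed in the options above, as an added example that is not part of tpm2-tools. The function names check_dn and dn_max_len are hypothetical; counting size in bytes and rejecting unknown or repeated fields are assumptions of this example, not documented tool behavior.

```sh
#!/bin/sh
# Added example (not from tpm2-tools): pre-flight check for --issuer/--subject.

# Print the documented max size for a supported field; fail for any other key.
dn_max_len() {
    case "$1" in
        C) echo 2 ;;
        O|OU|CN) echo 8 ;;
        *) return 1 ;;
    esac
}

# check_dn STRING: return 0 if STRING fits the documented format, else 1
# with the reason on stderr. Runs in a subshell so IFS/set -f do not leak.
check_dn() (
    LC_ALL=C   # assumption: "max size" is counted in bytes
    seen="" count=0
    IFS=';'    # fields are separated with semicolons
    set -f     # no globbing while splitting
    set -- $1
    for field in "$@"; do
        case "$field" in
            *=*) key=${field%%=*}; val=${field#*=} ;;
            *) echo "malformed field: '$field'" >&2; exit 1 ;;
        esac
        max=$(dn_max_len "$key") || { echo "unsupported field: $key" >&2; exit 1; }
        # Assumption: each field may appear once; the page does not say.
        case ";$seen;" in
            *";$key;"*) echo "duplicate field: $key" >&2; exit 1 ;;
        esac
        [ -n "$val" ] || { echo "empty value for $key" >&2; exit 1; }
        [ "${#val}" -le "$max" ] ||
            { echo "$key is ${#val} bytes, max size is $max" >&2; exit 1; }
        seen="$seen;$key" count=$((count + 1))
    done
    [ "$count" -ge 1 ] || { echo "at least one supported field is required" >&2; exit 1; }
)

# Usage: validate both names before generating the partial certificate.
#   issuer="C=US;O=org;OU=Org unit;CN=cname"
#   check_dn "$issuer" && tpm2 certifyX509certutil -i "$issuer" -o partial_cert.der
```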
Tools can return any of the following codes:
- 0 - Success.
- 1 - General non-specific error.
- 2 - Options handling error.
- 3 - Authentication error.
- 4 - TCTI related error.
- 5 - Non supported scheme. Applicable to tpm2_testparams.
Github Issues
(https://github.com/tpm2-software/tpm2-tools/issues)
See the Mailing List
(https://lists.linuxfoundation.org/mailman/listinfo/tpm2)