CERTPATCH(8) BSD System Manager's Manual CERTPATCH(8)
NAME
certpatch -- add subjectAltName identities to X.509 certificates
SYNOPSIS
certpatch [-t identity-type] -i identity -k signing-key input-certificate output-certificate
DESCRIPTION
certpatch alters PEM-encoded X.509 certificates by adding a subjectAltName extension containing an identity used by the signature-based
authentication schemes of the ISAKMP protocol. After the addition the certificate will be signed once again with the supplied CA signing
key.
The options are as follows:
-t identity-type
If given, the -t option specifies the type of the given identity. Currently ip, fqdn, and ufqdn are recognized. The default is ip.
-i identity
The -i option takes an argument which is the identity to put into the subjectAltName field of the certificate. If the identity-type
is ip, this argument should be an IPv4 address in dotted decimal notation.
-k signing-key
The -k option specifies the key used for signing the certificate once the subjectAltName extension has been added. The key is speci-
fied by the filename where it is stored in PEM format.
SEE ALSO
isakmpd(8), ssl(8)
BSD
July 18, 1999 BSD