🟣generate
Generate a self-signed X.509 certificate. A self-signed certificate is generated and written to one of the slots on the YubiKey. A private key must already be present in the corresponding key slot.
ykman piv certificates generate OPTIONS SLOT PUBLIC-KEY
Options
Description
-h, --help
Show this message and exit.
-a, --hash-algorithm [SHA1|SHA256|SHA384|SHA512]
Hash algorithm.
[default: SHA256
]
-d, --valid-days INTEGER
Number of days until the certificateexpires. [default: 365]
-m, --management-key TEXT
The management key.
-P, --pin TEXT
PIN code.
-s, --subject TEXT
Subject for the certificate, as an RFC 4514 string. [required].
Arguments
Description
SLOT
PIV slot of the certificate.
PUBLIC-KEY
File containing the public key.
Use '-'
to use stdin
.
HELP
Usage: ykman.exe piv certificates generate [OPTIONS] SLOT PUBLIC-KEY
Generate a self-signed X.509 certificate.
A self-signed certificate is generated and written to one of the slots on the YubiKey. A private key must already be present in the
corresponding key slot.
SLOT PIV slot of the certificate.
PUBLIC-KEY File containing a public key. Use '-' to use stdin.
Options:
-m, --management-key TEXT The management key.
-P, --pin TEXT PIN code.
-s, --subject TEXT Subject for the certificate, as an RFC 4514 string. [required]
-d, --valid-days INTEGER Number of days until the certificate expires. [default: 365]
-a, --hash-algorithm [SHA1|SHA256|SHA384|SHA512]
Hash algorithm. [default: SHA256]
-h, --help Show this message and exit.
EXAMPLE
Last updated
Was this helpful?