🟣generate

Generate a self-signed X.509 certificate. A self-signed certificate is generated and written to one of the slots on the YubiKey. A private key must already be present in the corresponding key slot.

ykman piv certificates generate OPTIONS SLOT PUBLIC-KEY

Options	Description
-h, --help	Show this message and exit.
-a, --hash-algorithm [SHA1|SHA256|SHA384|SHA512]	Hash algorithm. [default: SHA256]
-d, --valid-days INTEGER	Number of days until the certificateexpires. [default: 365]
-m, --management-key TEXT	The management key.
-P, --pin TEXT	PIN code.
-s, --subject TEXT	Subject for the certificate, as an RFC 4514 string. [required].

Arguments	Description
SLOT	PIV slot of the certificate.
PUBLIC-KEY	File containing the public key. Use '-' to use stdin.

HELP

Help Command

Usage: ykman.exe piv certificates generate [OPTIONS] SLOT PUBLIC-KEY

  Generate a self-signed X.509 certificate.

  A self-signed certificate is generated and written to one of the slots on the YubiKey. A private key must already be present in the
  corresponding key slot.

  SLOT            PIV slot of the certificate.
  PUBLIC-KEY      File containing a public key. Use '-' to use stdin.

Options:
  -m, --management-key TEXT       The management key.
  -P, --pin TEXT                  PIN code.
  -s, --subject TEXT              Subject for the certificate, as an RFC 4514 string.  [required]
  -d, --valid-days INTEGER        Number of days until the certificate expires.  [default: 365]
  -a, --hash-algorithm [SHA1|SHA256|SHA384|SHA512]
                                  Hash algorithm.  [default: SHA256]
  -h, --help                      Show this message and exit.

EXAMPLE

example 1