🟣generate

Generate a self-signed X.509 certificate. A self-signed certificate is generated and written to one of the slots on the YubiKey. A private key must already be present in the corresponding key slot.

ykman piv certificates generate OPTIONS SLOT PUBLIC-KEY

Options
Description

-h, --help

Show this message and exit.

-a, --hash-algorithm [SHA1|SHA256|SHA384|SHA512]

Hash algorithm. [default: SHA256]

-d, --valid-days INTEGER

Number of days until the certificateexpires. [default: 365]

-m, --management-key TEXT

The management key.

-P, --pin TEXT

PIN code.

-s, --subject TEXT

Subject for the certificate, as an RFC 4514 string. [required].

Arguments
Description

SLOT

PIV slot of the certificate.

PUBLIC-KEY

File containing the public key. Use '-' to use stdin.

HELP

Usage: ykman.exe piv certificates generate [OPTIONS] SLOT PUBLIC-KEY

  Generate a self-signed X.509 certificate.

  A self-signed certificate is generated and written to one of the slots on the YubiKey. A private key must already be present in the
  corresponding key slot.

  SLOT            PIV slot of the certificate.
  PUBLIC-KEY      File containing a public key. Use '-' to use stdin.

Options:
  -m, --management-key TEXT       The management key.
  -P, --pin TEXT                  PIN code.
  -s, --subject TEXT              Subject for the certificate, as an RFC 4514 string.  [required]
  -d, --valid-days INTEGER        Number of days until the certificate expires.  [default: 365]
  -a, --hash-algorithm [SHA1|SHA256|SHA384|SHA512]
                                  Hash algorithm.  [default: SHA256]
  -h, --help                      Show this message and exit.

EXAMPLE

Last updated