certpatch(8)

NAME

     certpatch --- add subjectAltName identities to X.509 certificates

SYNOPSIS

     certpatch [-t identity-type] -i identity -k signing-key input-certificate
           output-certificate

DESCRIPTION

     certpatch alters PEM-encoded X.509 certificates by adding a
     subjectAltName extension containing an identity used by the signature-
     based authentication schemes of the ISAKMP protocol.  After the addition
     the certificate will be signed once again with the supplied CA signing
     key.

     The options are as follows:

     -t identity-type
         If given, the -t option specifies the type of the given identity.
         Currently ip, fqdn, and ufqdn are recognized.  The default is ip.

     -i identity
         The -i option takes an argument which is the identity to put into
         the subjectAltName field of the certificate.  If the identity-
         type is ip, this argument should be an IPv4 address in dotted
         decimal notation.

     -k signing-key
         The -k option specifies the key used for signing the certificate
         once the subjectAltName extension has been added.  The key is
         specified by the filename where it is stored in PEM format.

SEE ALSO

     isakmpd(8), ssl(8)

---

Free and Open Source Software