man certpatch (Administration système) - certpatch
NAME
certpatch - add subjectAltName identities to X.509 certificates
SYNOPSIS
certpatch [-t identity-type]-iidentity-ksigning-keyinput-certificate output-certificate
DESCRIPTION
alters PEM-encoded X.509 certificates by adding a subjectAltName extension containing an identity used by the signature-based authentication schemes of the ISAKMP protocol. After the addition the certificate will be signed once again with the supplied CA signing key.
The options are as follows:
- -t identity-type
- If given, the -t option specifies the type of the given identity. Currently ip , fqdn , and ufqdn are recognized. The default is ip .
- -i identity
- The -i option takes an argument which is the identity to put into the subjectAltName field of the certificate. If the identity-type is ip , this argument should be an IPv4 address in dotted decimal notation.
- -k signing-key
- The -k option specifies the key used for signing the certificate once the subjectAltName extension has been added. The key is specified by the filename where it is stored in PEM format.