
pki --acert - Issue an attribute certificate

Description

       This sub-command of pki(1) is used to issue an attribute certificate using an issuer certificate with its
       private key and the holder certificate.

Examples

       To save repetitive typing, command line options can be stored in files. Let's assume acert.opt contains
       the following contents:

         --issuercert aacert.der --issuerkey aakey.der --digest sha256 --lifetime 4

       Then the following command can be used to issue an attribute certificate based on a holder certificate
       and the options above:

         pki --acert --options acert.opt --in holder.der --group sales --group finance -f pem
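
       A pre-flight check for an options file like acert.opt, added here as an example; it is not part of the
       pki documentation or the strongSwan code. The function name, the MAX_HOURS ceiling and the rule that
       md5 and sha1 are rejected are assumptions of this example, and it assumes the file holds plain
       whitespace-separated words without quoting.

```shell
#!/bin/sh
# Added example: lint an options file meant for "pki --acert --options FILE"
# before it is used to sign anything. The policy is this example's assumption.
MAX_HOURS=24    # assumed ceiling for --lifetime, in hours (not a pki limit)

# lint_acert_opts FILE: prints findings; returns 0 if clean, 1 on findings, 2 if unreadable
lint_acert_opts() {
    file=$1; rc=0; have_cert=0; have_key=0
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    set -f                      # no globbing while splitting the file into words
    set -- $(cat "$file")
    set +f
    while [ $# -gt 0 ]; do
        case $1 in
            -g|--digest)        # md5 and sha1 are accepted by pki but collision-prone
                case ${2-} in
                    md5|sha1) echo "weak digest: $2"; rc=1 ;;
                esac ;;
            -l|--lifetime)
                case ${2-} in
                    ''|*[!0-9]*) echo "lifetime is not a number of hours: ${2-}"; rc=1 ;;
                    *) [ "$2" -le "$MAX_HOURS" ] ||
                           { echo "lifetime ${2}h exceeds ${MAX_HOURS}h"; rc=1; } ;;
                esac ;;
            -c|--issuercert) have_cert=1 ;;
            -k|--issuerkey|-x|--issuerkeyid) have_key=1 ;;
        esac
        shift
    done
    # The issuer certificate and one of the two key options are required.
    [ "$have_cert" -eq 1 ] || { echo "missing --issuercert"; rc=1; }
    [ "$have_key" -eq 1 ] || { echo "missing --issuerkey or --issuerkeyid"; rc=1; }
    return "$rc"
}

# Constructed sample: the acert.opt shown above with the digest changed to sha1.
demo() {
    tmp=$(mktemp) || return 2
    echo '--issuercert aacert.der --issuerkey aakey.der --digest sha1 --lifetime 4' > "$tmp"
    lint_acert_opts "$tmp"; status=$?
    rm -f "$tmp"
    return "$status"
}

# Stand-alone use: sh lint.sh acert.opt
if [ $# -gt 0 ]; then lint_acert_opts "$1"; fi
```

       Run it in a wrapper or CI step ahead of the pki call so that a rejected file never reaches the issuer
       key.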

Name

       pki --acert - Issue an attribute certificate

Options

       -h, --help
              Print usage information with a summary of the available options.

       -v, --debug level
              Set debug level, default: 1.

       -+, --options file
              Read command line options from file.

       -i, --in file
              Holder certificate to issue an attribute certificate for. If not given the certificate is read
              from STDIN.

       -m, --group membership
              Group membership the attribute certificate shall certify. The specified group is included as a
              string. To include multiple groups, the option can be repeated.

       -k, --issuerkey file
              Issuer private key file. Either this or --issuerkeyid is required.

       -x, --issuerkeyid hex
              Smartcard or TPM issuer private key object handle in hex format with an optional 0x prefix.
              Either this or --issuerkey is required.

       -c, --issuercert file
              Issuer certificate file. Required.

       -l, --lifetime hours
              Hours the attribute certificate is valid, default: 24. Ignored if both an absolute start and end
              time are given.

       -F, --not-before datetime
              Absolute time when the validity of the AC begins. The datetime format is defined by the --dateform
              option.

       -T, --not-after datetime
              Absolute time when the validity of the AC ends. The datetime format is defined by the --dateform
              option.

       -D, --dateform form
              strptime(3) format for the --not-before and --not-after options, default: %d.%m.%y %T

       -s, --serial hex
              Serial number in hex. It is randomly allocated by default.

       -g, --digest digest
              Digest to use for signature creation. One of md5, sha1, sha224, sha256, sha384, or sha512. The
              default is determined based on the type and size of the signature key.

       -R, --rsa-padding padding
              Padding to use for RSA signatures. Either pkcs1 or pss, defaults to pkcs1.

       -f, --outform encoding
              Encoding of the created certificate file. Either der (ASN.1 DER) or pem (Base64 PEM), defaults to
              der.

See Also

pki(1)

5.9.13                                             2014-02-05                                     PKI--ACERT(1)

Synopsis

       pki --acert [--in file] [--group membership] --issuerkey file|--issuerkeyid hex --issuercert file
                   [--lifetime hours] [--not-before datetime] [--not-after datetime] [--serial hex]
                   [--digest digest] [--rsa-padding padding] [--outform encoding] [--debug level]

       pki --acert --options file

       pki --acert -h | --help
