| Requested action (One required). |
| PK10SNRQ |
Specifies to create a PKCS #10 CSR request from the input private key (which always includes
a public key section). |
| Issuer modifier One required. Specifies how the
issuer and issuer's distinguished name will be determined). |
| SELFSIGN |
Specifies that the CSR is for a self-signed certificate. The issuer's distinguished name is
the value that is passed in the subject_name parameter. |
| Input subject name format indicator (One required.
Specifies the format of the input subject_name parameter). |
| SDNDER |
Specifies that the input subject name is ASN.1 DER encoded. |
| SDNCLEAR |
Specifies that the input subject name is specified as a series of X.509 attribute-value pairs
that are separated by commas. For example: cn=Thomas Watson,o=Endicott,c=US
Identifier Meaning
C countryName
O organizationName
OU organizationalUnitName
CN commonName
SN surname
L localityName
ST stateOrProvinceName
SP stateOrProvinceName
S stateOrProvinceName
T title
PC postalCode
EMAIL emailAddress
E emailAddress
EMAILADDRESS emailAddress
STREET streetAddress
DC domainComponent
MAIL mail
NAME name
GIVENNAME givenName
INITIALS initials
GENERATIONQUALIFIER generationQualifier
DNQUALIFIER dnQualifier
SERIALNUMBER serialNumber
To specify a comma within an attribute value, escape the comma with the back slash character (\).
For example, an organization name of IBM,Poughkeepsie would be specified as:
OU=IBM\,Poughkeepsie
. |
| Output format indicator (One required. Specifies
the format of the data returned in the certificate parameter). |
| DER-FMT |
Specifies that the output in the certificate parameter object are DER encoded according to
the X.509 standard. |
| PEM-FMT |
Specifies that the output in the certificate parameter are encoded using Base64 encoding
according to RFC 7468. The encoded stream will consist of ASCII printable characters with one line
feed (X'0A' or 10 decimal) inserted after each group of 64 encoded characters
and one line feed at the end of the encoded stream. |
| Key usage and constraint indicators. Specifies key
usage indicators that are encoded as allowed in the Key Usage extension in the data that is returned
in the output certificate parameter. One to seven of these rules are required if the extensions
parameter does not specify any allowed usages for Key Usage or Extended Key Usage. None of these
rules are allowed if the extensions parameter is specified and does specify usages for Key Usage or
Extended Key Usage. Also, U-DECONL and U-ENCONL requires U-KEYAGR to be specified. U-DECONL cannot
be combined with U-ENCONL.
|
| U-DIGSIG |
Specifies that digitalSignature is allowed. |
| U-NONRPD |
Specifies that nonRepudiation is allowed. |
| U-DATENC |
Specifies that dataEncipherment is allowed. |
| U-KEYENC |
Specifies that keyEncipherment is allowed. |
| U-KEYAGR |
Specifies that keyAgreement is allowed. |
| U-KCRTSN |
Specifies that keyCertSign is allowed. |
| U-CRLSN |
Specifies that cRLSign is allowed. |
| U-ENCONL |
Specifies that encipherOnly is allowed. |
| U-DECONL |
Specifies that decipherOnly is allowed. |
| Signature algorithm specification (One required.
Specifies the signature algorithm is to be used in creating the data returned in the certificate
parameter. A hash method rule must also be specified. |
| RSA |
Specifies to use the RSA signature algorithm. The hash method that is used must be SHA-1,
SHA-224, SHA-256, SHA-384, or SHA-512. |
| ECDSA |
Specifies to use the ECDSA signature algorithm. The hash method that is used must be SHA-224,
SHA-256, SHA-384, or SHA-512. |
| Hash-method specification (One required. Specifies
the hashing method that is to be used in conjunction with the required signature algorithm in
creating the data return in the certificate parameter. |
| SHA-1 |
The hash method to be used is SHA-1. Not allowed with the ECDSA signature algorithm. |
| SHA-224 |
The hash method to be used is SHA-224. |
| SHA-256 |
The hash method to be used is SHA-256. |
| SHA-384 |
The hash method to be used is SHA-384. |
| SHA-512 |
The hash method to be used is SHA-512. |