Create a certificate request file

A certificate request file specifies the attributes of the certificate that is to be requested.

Use the certutil command with the -R option (create a certificate request) to create a certificate request file (tmpcertreq) for the HTTPS server certificate in the token.
  • The path of the NSS database is specified using the -d option.
  • The subject name is specified using the -s option.
  • Replace <FQDN> with your fully-qualified domain name (which you can obtain using the hostname -f command).
  • The name and location of the output file is specified using the -o option.
  • The -g option sets the key size; here certutil generates a 2048-bit RSA key pair for the certificate.
  • The -h option names the token in which the request for the server certificate is created; here it is "myicatoken", the token name that was previously used to initialize the token.
  • The password that you are prompted for is the user PIN of the ICA token that was set in Step 7 of topic Configuring the openCryptoki ica token.
# certutil -R -d /etc/httpd/nss -s "CN=<FQDN>, O=example.com, C=US" -o \
      /etc/httpd/nss/tmpcertreq -g 2048 -h myicatoken
Enter Password or Pin for "myicatoken": 25345867
...

Continue typing until the progress meter is full:

|************************************************************|

Finished.  Press enter to continue:


Generating key.  This may take a few moments...
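
The following shell functions are an added example, not part of the original procedure. They check that the value used for <FQDN> is fully qualified and that the finished request carries the expected CN and key size. They assume OpenSSL is installed to print the request; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: checks to run around the certutil -R step.

# is_fqdn NAME: succeed only if NAME is usable as <FQDN> in the subject
# (dot-separated labels of letters, digits and hyphens; not empty, not localhost).
is_fqdn() {
    case "$1" in
        ""|localhost|localhost.*|.*|*.|*..*) return 1 ;;
        *[!A-Za-z0-9.-]*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_csr_text CN BITS: read "openssl req -noout -text" output on stdin and
# confirm the request carries the expected common name and RSA key size.
check_csr_text() {
    want_cn=$1
    want_bits=$2
    text=$(cat)
    # OpenSSL 1.1+ prints "CN = name", older releases print "CN=name".
    subject=$(printf '%s\n' "$text" | sed -n 's/^ *Subject: *//p' | head -n 1)
    cn=$(printf '%s\n' "$subject" | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p')
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    if [ "$cn" != "$want_cn" ]; then
        echo "CN mismatch: got '$cn', expected '$want_cn'" >&2; return 1
    fi
    if [ "$bits" != "$want_bits" ]; then
        echo "key size mismatch: got '$bits', expected '$want_bits'" >&2; return 1
    fi
    echo "OK: CN=$cn, ${bits}-bit key"
}

# Constructed sample of the text OpenSSL prints for a request like the one above.
SAMPLE='Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: C = US, O = example.com, CN = host.example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)'

printf '%s\n' "$SAMPLE" | check_csr_text host.example.com 2048

# On the real system (certutil -R writes binary DER unless -a is given):
#   is_fqdn "$(hostname -f)" || echo "hostname -f is not fully qualified" >&2
#   openssl req -inform DER -in /etc/httpd/nss/tmpcertreq -noout -text -verify |
#       check_csr_text "$(hostname -f)" 2048
```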