Public Infrastructure Certificate (CSNDPIC)
Use the Public Infrastructure Certificate verb to create a self-signed PKCS #10 certificate signing request (CSR) based on an existing RSA or ECC pair of private key and public key. The self-signed PKCS #10 request for the input public key is signed by the input private key.
For a PKCS #10 CSR, the input private key can either be an internal RSA or ECC token, or the label of the private key, or it can be the label of an RSA retained key token. In addition to the input private key, the user must specify extra input parameters that specify the following:
- The subject's distinguished name.
- The key usage and constraints indicators.
- The signature algorithm and hashing-method.
- The certificate extensions.
- The output format of the CSR.
Note: This verb supports PCI-HSM 2016
compliant-tagged key tokens.
This verb does not need to document any Restrictions nor Usage notes.