Chapter 23. PKCS10Client (Generating a PKCS #10 Certificate Request)

The PKCS #10 utility, PKCS10Client, generates a 1024-bit RSA key pair in the security database, constructs a PKCS#10 certificate request with the public key, and outputs the request to a file.
PKCS #10 is a certification request syntax standard defined by RSA. A CA may support multiple types of certificate requests. The Certificate System CA supports KEYGEN, PKCS#10, CRMF, and CMC.
To get a certificate from the CA, the certificate request needs to be submitted to and approved by a CA agent. Once approved, a certificate is created for the request, and certificate attributes, such as extensions, are populated according to certificate profiles.

23.1. Syntax

The PKCS10Client tool has the following syntax:
PKCS10Client -p certDBPassword -d certDBDirectory -o outputFile -s subjectDN
Option Description
p Gives the password for the security databases.
d Gives the path to the security databases.
o Sets the path and filename to output the new PKCS #10 certificate in base 64 format.
s Gives the subject DN of the certificate.