71 lines
1.7 KiB
Markdown
71 lines
1.7 KiB
Markdown
ENV:
|
|
|
|
* CARD_CLI - Card cli command or full path, default `card-cli`
|
|
* SIGN_REQUEST_SLOT - Sign request slot, default `82`
|
|
|
|
# Generate Keypair
|
|
|
|
```shell
|
|
$ java -jar yubikey-ca-java.jar --generate-keypair --keypair-type secp256r1
|
|
```
|
|
|
|
# Issue ROOT CA
|
|
|
|
```shell
|
|
$ java -jar yubikey-ca-java.jar --issue-root-ca \
|
|
--sign-slot 88 --subject 'CN=Hatter EC Root CA' \
|
|
--pin ****** \
|
|
[--add-to-remote]
|
|
```
|
|
|
|
# Issue Intermediate CA
|
|
|
|
```shell
|
|
$ java -jar yubikey-ca-java.jar --issue-intermediate-ca \
|
|
--sign-slot 88 --subject 'CN=Hatter EC Intermediate CA' \
|
|
--cert-slot 89 --root-ca-id 43 \
|
|
--pin ****** \
|
|
[--add-to-remote]
|
|
```
|
|
|
|
# Issue Server CA
|
|
|
|
```shell
|
|
$ java -jar yubikey-ca-java.jar --issue-server-ca \
|
|
--sign-slot 89 --subject 'CN=hatter-test' \
|
|
--intermediate-ca-id 44 --keypair-type secp256r1 \
|
|
--dns-name a.example.com --dns-name b.example.com \
|
|
--pin ****** \
|
|
[--add-to-remote]
|
|
```
|
|
|
|
# Issue Client CA
|
|
|
|
```shell
|
|
$ java -jar yubikey-ca-java.jar --issue-client-ca \
|
|
--sign-slot 89 --subject 'CN=hatter-test' \
|
|
--intermediate-ca-id 44 --keypair-type secp256r1 \
|
|
--pin ****** \
|
|
[--add-to-remote]
|
|
```
|
|
|
|
# Issue Client Code CA
|
|
|
|
```shell
|
|
$ java -jar yubikey-ca-java.jar --issue-client-code-ca \
|
|
--sign-slot 89 --subject 'CN=hatter-test-code' \
|
|
--intermediate-ca-id 44 --keypair-type secp256r1 \
|
|
--pin ****** \
|
|
[--add-to-remote]
|
|
```
|
|
|
|
or
|
|
|
|
```shell
|
|
$ java -jar yubikey-ca-java.jar --issue-client-code-ca \
|
|
--sign-slot 89 --cert-slot 90 --subject 'CN=Hatter Signing CA' --valid-years 10 \
|
|
--intermediate-ca-id 44 \
|
|
--pin ****** \
|
|
[--add-to-remote]
|
|
```
|