We are constantly enhancing wolfCLU, a command line utility for manipulating certificates. Recently we added some new x509 options. These additions, -req, -extfile, -extensions, -signkey and -* enhance the x509 functionality. Having these options added to wolfCLU helps with generatingself-signed x509 certificates when using the x509 command.
- [-req] Users can generate a certificate signing request (CSR) directly from the command line.
- [-extfile] Users can specify a file containing certificate extension configuration.
- [-extensions] Users can define certificate extensions directly in the command line.[-signkey] Users can provide an existing private key to sign the certificate being generated.
- [-*] Users can select any supported digest for signing. Currently sha1, sha256, sha384 and sha512 are available.
The following example demonstrates how to use these new options to update a self signed x509 certificate.
wolfssl x509 -req -in client-cert.csr -extfile wolfssl.cnf -extensions uri -signkey client-key.pem -out client-uri-cert.pem
These new options are part of our ongoing commitment to provide a feature-rich and user-friendly experience with wolfCLU’s x509 command.