ocm create rsakeypair [<private key file> [<public key file>]] {<subject-attribute>=<value>}


      --ca                     create certificate for a signing authority
      --ca-cert string         certificate authority to sign public key
      --ca-key string          private key for certificate authority
  -E, --encrypt                encrypt private key with new key
  -e, --encryptionKey string   encrypt private key with given key
  -h, --help                   help for rsakeypair
      --root-certs string      root certificates used to validate used certificate authority
      --validity duration      certificate validity (default 87600h0m0s)


Create an RSA public key pair and save to files.

The default filename for the private key is rsa.priv. If no public key file is specified, its name is derived from the private key filename (suffix .pub for a public key or .cert for a certificate). If a certificate authority is given (--ca-cert), the public key will be signed. In this case, a subject (at least common name/issuer) and the private key (--ca-key) of the CA used to sign the key are required.

If only a subject is given and no CA, the public key will be self-signed. A signed public key always contains the complete certificate chain. If a non-self-signed CA is used to sign the key, its certificate chain is verified. Therefore, an additional root certificate (--root-certs) is required if no public root certificate was used to create the CA.

For signing the public key the following subject attributes are supported:

  • CN, common-name, issuer: Common Name/Issuer
  • O, organization, org: Organization
  • OU, organizational-unit, org-unit: Organizational Unit
  • STREET (multiple): Street Address
  • POSTALCODE, postal-code (multiple): Postal Code
  • L, locality (multiple): Locality
  • S, province (multiple): Province
  • C, country (multiple): Country


$ ocm create rsakeypair mandelsoft.priv mandelsoft.cert issuer=mandelsoft
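
The chain check described above for a non-self-signed CA, and why it needs --root-certs when the root is private, can be reproduced with Go's standard crypto/x509 package. This is an added illustration, not OCM's own code; the helpers must, issue and verifyCA and the constructed-* names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // abort the demo on any crypto error
	if err != nil {
		panic(err)
	}
	return v
}

// issue (hypothetical helper) makes an RSA key and a CA certificate; a nil parent means self-signed.
func issue(cn string, serial int64, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(87600 * time.Hour), // default validity
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	if parent == nil {
		parent, parentKey = tmpl, key // no CA given: sign with the new key itself
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// verifyCA checks that ca chains to one of the explicitly supplied roots.
func verifyCA(ca *x509.Certificate, roots ...*x509.Certificate) error {
	pool := x509.NewCertPool() // non-nil pool, so system roots are never consulted
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := ca.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

func main() {
	root, rootKey := issue("constructed-root", 1, nil, nil) // private, self-signed root
	ca, _ := issue("constructed-ca", 2, root, rootKey)      // non-self-signed CA
	fmt.Println("root not supplied:", verifyCA(ca), "| root supplied:", verifyCA(ca, root))
}
```

Without the private root in the trust pool the CA certificate fails verification as signed by an unknown authority; supplying the root makes the same chain verify.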

See Also

  • ocm create — Create transport or component archive