Provided by: isakmpd_20041012-10build1_amd64 bug

NAME
       certpatch — add subjectAltName identities to X.509 certificates


SYNOPSIS
       certpatch [-t identity-type] -i identity -k signing-key input-certificate output-certificate


DESCRIPTION
       certpatch  alters  PEM-encoded  X.509  certificates  by  adding  a subjectAltName extension containing an
       identity used by the signature-based authentication schemes of the ISAKMP protocol.  After  the  addition
       the certificate will be signed once again with the supplied CA signing key.

       The options are as follows:

       -t identity-type
               If  given, the -t option specifies the type of the given identity.  Currently ip, fqdn, and ufqdn
               are recognized.  The default is ip.

       -i identity
               The -i option takes an argument which is the identity to put into the subjectAltName field of the
               certificate.  If the identity-type is ip, this argument should  be  an  IPv4  address  in  dotted
               decimal notation.

       -k signing-key
               The  -k  option  specifies  the  key  used  for  signing  the certificate once the subjectAltName
               extension has been added.  The key is specified by the filename where it is stored in PEM format.


SEE ALSO
       isakmpd(8), ssl(8)

Debian                                            July 18, 1999                                     CERTPATCH(8)