Provided by: tpm2-tools_5.6-1build4_amd64 
NAME
tpm2_certifyX509certutil(1) - Generate partial X509 certificate.
SYNOPSIS
tpm2_certifyX509certutil [OPTIONS]
DESCRIPTION
tpm2_certifyX509certutil(1) - Generates a partial certificate that is suitable as the third input parame‐
ter for TPM2_certifyX509 command. The certificate data is written into a file in DER format and can be
examined using openssl asn1parse tool as follows:
openssl asn1parse -in partial_cert.der -inform DER
OPTIONS
These are the available options:
• -o, --outcert=STRING: The output file where the certificate will be written to. The default is par‐
tial_cert.der Optional parameter.
• -d, --days=NUMBER: The number of days the certificate will be valid starting from today. The default
is 3560 (10 years) Optional parameter.
• -i, --issuer=STRING: The ISSUER entry for the cert in the following format: –issuer=“C=US;O=org;OU=Org
unit;CN=cname” Supported fields are:
• C - “Country”, max size = 2
• O - “Org”, max size = 8
• OU - “Org Unit”, max size = 8
• CN - “Common Name”, max size = 8 The files need to be separated with semicolon. At list one support‐
ed field is required for the option to be valid. Optional parameter.
• -s, --subject=STRING: The SUBJECT for the cert in the following format: –subject=“C=US;O=org;OU=Org
unit;CN=cname” Supported fields are:
• C - “Country”, max size = 2
• O - “Org”, max size = 8
• OU - “Org Unit”, max size = 8
• CN - “Common Name”, max size = 8 The files need to be separated with semicolon. At list one support‐
ed field is required for the option to be valid. Optional parameter.
• ARGUMENT No arguments required.
References
COMMON OPTIONS
This collection of options are common to many programs and provide information that many users may ex‐
pect.
• -h, --help=[man|no-man]: Display the tools manpage. By default, it attempts to invoke the manpager for
the tool, however, on failure will output a short tool summary. This is the same behavior if the “man”
option argument is specified, however if explicit “man” is requested, the tool will provide errors from
man on stderr. If the “no-man” option if specified, or the manpager fails, the short options will be
output to stdout.
To successfully use the manpages feature requires the manpages to be installed or on MANPATH, See
man(1) for more details.
• -v, --version: Display version information for this tool, supported tctis and exit.
• -V, --verbose: Increase the information that the tool prints to the console during its execution. When
using this option the file and line number are printed.
• -Q, --quiet: Silence normal tool output to stdout.
• -Z, --enable-errata: Enable the application of errata fixups. Useful if an errata fixup needs to be
applied to commands sent to the TPM. Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent.
information many users may expect.
EXAMPLES
tpm2 certifyX509certutil -o partial_cert.der -d 356
Returns
Tools can return any of the following codes:
• 0 - Success.
• 1 - General non-specific error.
• 2 - Options handling error.
• 3 - Authentication error.
• 4 - TCTI related error.
• 5 - Non supported scheme. Applicable to tpm2_testparams.
BUGS
Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)
HELP
See the Mailing List (https://lists.linuxfoundation.org/mailman/listinfo/tpm2)
tpm2-tools tpm2_certifyX509certutil(1)