pkiutil newcsr

Generates a PKCS#10 Certificate Request (CSR).

pkiutil newcsr -pubkey <pubkey> -privkey <privkey> -csrout <csrout> [-dn <dn>] -sigalg <sigalg> [-sigalg <sigalg> ... -sigalg <sigalg>]

For example:

pkiutil newcsr -pubkey pub.pem -privkey priv.pem -csrout mycsr.pem -dn "cn=composite,c=ca" -sigalg SHA256withRSA -sigalg SHA256withECDSA

See below for a description of each option.

-csrout <csrout>

Save the request in a file with the <csrout> name.

Mandatory: Yes.

-dn <dn>

Set <dn> as the Distinguished Name in the certificate request.

Mandatory: No. When omitted, this value defaults to:

Composite Test CA

-privkey <privkey>

Sign the request with the <privkey> private key, where <privkey> is the name of a file generated with the pkiutil keygen command.

Mandatory: Yes.

-pubkey <pubkey>

Request a certificate for the <pubkey> public key, where <pubkey> is the name of a file generated with the pkiutil keygen command.

Mandatory: Yes.

-sigalg <sigalg>

Sign the request with the <sigalg> algorithm, where <sigalg> is one of the algorithm identifiers listed in PKIUtil algorithm reference. Select more than one algorithm to generate a composite request.

Mandatory: Yes.