CERTPATCH(8) OpenBSD System Manager's Manual CERTPATCH(8)
certpatch - add subjectAltName identities to X.509 certificates
certpatch [-t identity-type] -i identity -k signing-key input-certificate
certpatch alters PEM-encoded X.509 certificates by adding a subjectAlt-
Name extension containing an identity used by the signature-based authen-
tication schemes of the ISAKMP protocol. After the addition the certifi-
cate will be signed once again with the supplied CA signing key.
The options are as follows:
If given, the -t option specifies the type of the given identity.
Currently ip, fqdn, and ufqdn are recognized. The default is ip.
The -i option takes an argument which is the identity to put into
the subjectAltName field of the certificate. If the identity-
type is ip, this argument should be an IPv4 address in dotted
The -k option specifies the key used for signing the certificate
once the subjectAltName extension has been added. The key is
specified by the filename where it is stored in PEM format.
OpenBSD 3.6 July 18, 1999 1