ssh-certtool - certificate management tool.


ssh-certtool [ -b key-length ] [ -d debug-level ] [ -h ] [ -n algorithm ] [ -o output-file ] [ -p private-key ] [ -V ] [ -z option ] pkcs10|pkcs12 [arguments]

ssh-certtool [options] pkcs10 subject [keyUsage] [extendedKeyUsage]

ssh-certtool [options] pkcs12 [file1] ... [fileN]


You can use ssh-certtool to create a PKCS#10 certificate request or to create a PKCS#12 package containing a private key and one or more certificates.

Creating a PKCS#10 certificate request

The general syntax for creating a PKCS#10 file is:

ssh-certtool [options] pkcs10 subject [keyUsage] [extendedKeyUsage]

Note: req is supported as a synonym for pkcs10.

The value you specify as subject defines the certificate's Subject field. The subject name is required. Use the distinguished name syntax specified by RFC 2253. Use commas to separate Subject elements (RDNs). RDNs can be specified using standard abbreviations (CN) or OIDs. Quotation marks are required if the subject name contains embedded white space. For example, "CN=Steve Kille,O=Isode Limited,C=GB".

The filename of the generated certificate request is based on the prefix specified by the -o option, with .pkcs10 appended. The default filename of a generated certificate request, when -o is not specified, is output.pkcs10.

To create a request using an existing private key, use -p to specify the key. To generate a new private key for the request, you must specify the key type (-n), the key size (-b), or both. The filename of the generated private key is based on the prefix specified by the -o option, with .ssh2 appended. The default filename of a generated private key, when -o is not specified, is output.ssh2. If a key with the same name already exists, you are prompted to overwrite it. If you elect not to overwrite it, ssh-certtool exits with a return code of zero.

You can use optional flags to set keyUsage and extendedKeyUsage fields. Use commas, spaces or tabs to separate items. All Key Usage and Extended Key Usage flags are marked as critical in the PKCS#10 request. Valid keyUsage flags are digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly and decipherOnly. If you omit this argument, the digitalSignature and keyEncipherment flags are set by default. Valid extendedKeyUsage flags are anyExtendedKeyUsage, serverAuth, clientAuth, codeSigning and emailProtection. No extended key usage flags are set by default.

Creating a PKCS#12 package

The general syntax for creating a PKCS#12 package is:

ssh-certtool [options] pkcs12 [file1] ... [fileN]

This constructs a PKCS#12 package file containing one private key and multiple certificates read from the file arguments. The PKCS#12 package file contains one safe, which contains the private key and all the certificates. The filename of the generated package file is based on the prefix specified by the -o option, with .p12 appended. The default filename of the generated PKCS#12 package, when -o is not specified, is output.p12. The PKCS#12 package is protected by an HMAC, and ssh-certtool prompts you for a passphrase before creating the package.

File arguments containing private keys can be read in naked PKCS#8 format, in ssh2 PEM format, or in openSSH PEM format. If the key is protected by a passphrase, ssh-certtool prompts for the passphrase. File arguments containing certificates are recognized in both DER-encoded and PEM-encoded format.

By default, the individual private key and certificates are saved into the PKCS#12 output file using default PBE protection schemes. The default scheme for key encryption is pbeWithSHA1And3-KeyTripleDES-CBC. The default for safe encryption is pbeWithSHA1And40BitRC2-CBC. You can use the -z option to configure different PBE protection schemes.


Options are available in both a single-character form (such as -o) and a descriptive equivalent (--option). Single-character forms are shown here. To view the descriptive equivalents, use the -h command line option.

-b bits

Specifies the key size used for generated keys. The default for RSA keys is 2048 bits and for DSA keys is 1024 bits. The value for a DSA key must be an integral multiple of 64. This option is valid for PKCS#10 file creation only.

-d debug_level

Enables debug output. Use 1, 2, 3, or 99. (Values 4-98 are accepted, but are equivalent to 3.)

-h

Displays a brief summary of command options.

-n algorithm

Specifies the algorithm used for key generation. Possible values are "rsa" and "dsa". The default is "rsa". This option is valid for PKCS#10 file creation only.

-o output_file_prefix

Specifies the first portion of the filename for output files. You can include an absolute path to generate the file in a different location. The default is "output". (The filename suffix is generated based on the file type: the suffix for PKCS#10 files is .pkcs10, for PKCS#12 packages is .p12, and for private keys is .ssh2.)

-p private_key

Specifies a private key to use in a certificate request. This option is valid for PKCS#10 file creation only.

-V

Displays product name and version information and exits. If other options are specified on the command line, they are ignored.

-z Key=Value

Specifies certificate options for PKCS#10 requests, and encryption options for PKCS#12 packages.

For PKCS#10 requests, Key must be either DNS or Email (case-insensitive). There should be no white space in this option, including before or after the equal sign, unless the value literally contains white space characters in its name. The DNS option sets the DNS Alt Name extension. The Email option sets the Email Alt Name extension. These extensions are not marked as critical.

For PKCS#12 packages, Key must be either KeyPBE or SafePBE (case-insensitive). There should be no white space in this option, including before or after the equal sign. KeyPBE sets the key encryption and HMAC scheme. SafePBE sets the safe encryption and HMAC scheme. Values are listed below. The default for KeyPBE is PBE-SHA1-3DES. The default for SafePBE is PBE-SHA1-RC2-40. The long names in parentheses are synonyms.


PBE-SHA1-RC4-128 (pbeWithSHA1And128BitRC4)

PBE-SHA1-RC4-40 (pbeWithSHA1And40BitRC4)

PBE-SHA1-3DES (pbeWithSHA1And3-KeyTripleDES-CBC)

PBE-SHA1-2DES (pbeWithSHA1And2-KeyTripleDES-CBC)

PBE-SHA1-RC2-128 (pbeWithSHA1And128BitRC2-CBC)

PBE-SHA1-RC2-40 (pbeWithSHA1And40BitRC2-CBC)

PBE-MD2-RC2-64 (pbeWithMD2AndRC2-CBC)

PBE-MD5-RC2-64 (pbeWithMD5AndRC2-CBC)
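Each PBE-SHA1-* name above pairs a cipher with the PKCS#12 password-based key derivation (RFC 7292, Appendix B), which turns the passphrase into the cipher key, the IV and the HMAC key. The following Python code is an added example, not part of ssh-certtool or Reflection for Secure IT: it implements that derivation for the SHA-1 schemes so you can see what the passphrase actually becomes, for instance a 5-byte cipher key for PBE-SHA1-RC2-40 against a 24-byte key for PBE-SHA1-3DES. The function names, the sample password and the salt are constructed for this example; the two MD2/MD5 schemes use the older PKCS#5 PBKDF1 derivation and are not covered.

```python
"""PKCS#12 password-based key derivation (RFC 7292, Appendix B.2), pure Python.
Added example, not code from ssh-certtool.  Only the SHA-1 variant is
implemented: u = 20 bytes (hash output), v = 64 bytes (hash block size)."""
import hashlib

# The "ID" byte that separates the three uses of the same passphrase and salt.
ID_KEY, ID_IV, ID_MAC = 1, 2, 3


def _fill(data, length):
    """Repeat data until it is exactly length bytes (B.2 steps 2-4 and 6b)."""
    if not data:
        return b""
    return (data * (length // len(data) + 1))[:length]


def pkcs12_kdf(password, salt, purpose, iterations, n):
    """Derive n bytes for the given purpose (ID_KEY, ID_IV or ID_MAC).
    password is a str; PKCS#12 encodes it as a BMPString with a trailing NUL."""
    u, v = 20, 64
    bmp = password.encode("utf-16-be") + b"\x00\x00"
    D = bytes([purpose]) * v                       # step 1: diversifier
    S = _fill(salt, v * -(-len(salt) // v))        # step 2: salt padded to k*v
    P = _fill(bmp, v * -(-len(bmp) // v))          # step 3: password padded
    I = bytearray(S + P)                           # step 4
    out = b""
    while len(out) < n:                            # step 5/6: c = ceil(n/u) rounds
        A = D + bytes(I)
        for _ in range(iterations):                # A_i = H^r(D || I)
            A = hashlib.sha1(A).digest()
        out += A
        B = int.from_bytes(_fill(A, v), "big")     # step 6b
        for j in range(0, len(I), v):              # step 6c: I_j = (I_j + B + 1) mod 2^v
            Ij = (int.from_bytes(I[j:j + v], "big") + B + 1) % (1 << (8 * v))
            I[j:j + v] = Ij.to_bytes(v, "big")
    return out[:n]


def pbe_material(password, salt, iterations, key_len, iv_len):
    """Cipher key and IV as a pbeWithSHA1And... scheme derives them.
    key_len is 5 for RC2-40 or RC4-40, 16 for the 128-bit ciphers, 24 for 3DES."""
    return (pkcs12_kdf(password, salt, ID_KEY, iterations, key_len),
            pkcs12_kdf(password, salt, ID_IV, iterations, iv_len))


if __name__ == "__main__":
    # Constructed sample input: the passphrase and salt are not from any real package.
    key, iv = pbe_material("correct horse", bytes(range(8)), 2048, 5, 8)
    print("RC2-40 key:", key.hex(), "IV:", iv.hex())
```

The salt and iteration count are stored in clear text inside the .p12 file, so the passphrase is the only secret; the key length printed for the RC2-40 scheme is what an offline guess has to reproduce.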


To create a PKCS#10 request using a newly generated RSA key, with DNS and Email alternative names supplied through -z (replace the bracketed values with your own):

ssh-certtool -n RSA -z DNS=<host-name> -z Email=<address> pkcs10 CN=steved,OU=rsit,C=US DigitalSignature,nonRepudiation ServerAuth,ClientAuth

To create a PKCS#12 package file and specify encryption for the key and safe:

ssh-certtool -z keyPBE=default -z safePBE=PBE-SHA1-RC4-40 -o file pkcs12 id_rsa.crt id_rsa
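The rules stated earlier for the pkcs10 and pkcs12 subcommands (RFC 2253 subject syntax, -n/-b/-p for the key, the keyUsage and extendedKeyUsage flag names, the -z keys and the PBE scheme names) are easy to get wrong on a long command line. The following Python script is an added example, not part of Reflection for Secure IT or of ssh-certtool: it checks the arguments against the rules given on this page and builds the argv list for either subcommand before anything is executed. The function names, the case-insensitive matching of flag names (the page's own example writes DigitalSignature and ServerAuth) and the rejection of an empty RDN are this example's own choices.

```python
"""Pre-flight validation and argv construction for ssh-certtool invocations.
Added example, not tool code: it encodes the rules stated in the manual page.
Only run_tool() executes ssh-certtool and needs it installed."""
import re
import subprocess

# Flag names as documented; lookup is case-insensitive (example's assumption).
KEY_USAGE = ["digitalSignature", "nonRepudiation", "keyEncipherment",
             "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
             "encipherOnly", "decipherOnly"]
EXT_KEY_USAGE = ["anyExtendedKeyUsage", "serverAuth", "clientAuth",
                 "codeSigning", "emailProtection"]
DEFAULT_KEY_USAGE = ["digitalSignature", "keyEncipherment"]
# Short PBE names and their long synonyms, as listed under -z.
PBE = {"PBE-SHA1-RC4-128": "pbeWithSHA1And128BitRC4",
       "PBE-SHA1-RC4-40": "pbeWithSHA1And40BitRC4",
       "PBE-SHA1-3DES": "pbeWithSHA1And3-KeyTripleDES-CBC",
       "PBE-SHA1-2DES": "pbeWithSHA1And2-KeyTripleDES-CBC",
       "PBE-SHA1-RC2-128": "pbeWithSHA1And128BitRC2-CBC",
       "PBE-SHA1-RC2-40": "pbeWithSHA1And40BitRC2-CBC",
       "PBE-MD2-RC2-64": "pbeWithMD2AndRC2-CBC",
       "PBE-MD5-RC2-64": "pbeWithMD5AndRC2-CBC"}


def _canon(name, allowed):
    """Return the documented spelling of name, or raise if it is not listed."""
    table = {a.lower(): a for a in allowed}
    if name.lower() not in table:
        raise ValueError("unknown value %r; valid: %s" % (name, ", ".join(allowed)))
    return table[name.lower()]


def check_subject(subject):
    """Reject an RFC 2253 subject with an empty RDN (a doubled comma) or a
    malformed attribute=value pair; backslash-escaped ',' and '+' are kept."""
    for rdn in re.split(r"(?<!\\),", subject):
        if not rdn.strip():
            raise ValueError("empty RDN in subject %r" % subject)
        for atv in re.split(r"(?<!\\)\+", rdn):
            attr, sep, value = atv.partition("=")
            if not sep or not value or not re.fullmatch(
                    r"[A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)+", attr.strip()):
                raise ValueError("bad RDN %r in subject %r" % (atv, subject))
    return subject


def build_pkcs10_command(subject, key_usage=None, ext_key_usage=None,
                         algorithm=None, bits=None, private_key=None,
                         alt_names=None, prefix=None):
    """Build argv for 'ssh-certtool ... pkcs10' after applying the page's rules."""
    if private_key is None and algorithm is None and bits is None:
        raise ValueError("no -p key given: need -n and/or -b to generate one")
    argv = ["ssh-certtool"]
    if algorithm is not None:
        algorithm = algorithm.lower()
        if algorithm not in ("rsa", "dsa"):
            raise ValueError("-n must be rsa or dsa")
        argv += ["-n", algorithm]
    if bits is not None:
        if algorithm == "dsa" and bits % 64:
            raise ValueError("DSA key size must be a multiple of 64")
        argv += ["-b", str(bits)]
    if private_key is not None:
        argv += ["-p", private_key]
    for key, value in (alt_names or {}).items():
        argv += ["-z", "%s=%s" % (_canon(key, ["DNS", "Email"]), value)]
    if prefix is not None:
        argv += ["-o", prefix]
    argv += ["pkcs10", check_subject(subject)]
    ku = [_canon(f, KEY_USAGE) for f in (key_usage or [])]
    eku = [_canon(f, EXT_KEY_USAGE) for f in (ext_key_usage or [])]
    if eku and not ku:
        # extendedKeyUsage is positional, so the keyUsage slot cannot be
        # skipped: spell out the documented default instead.
        ku = DEFAULT_KEY_USAGE
    return argv + [",".join(x) for x in (ku, eku) if x]


def build_pkcs12_command(files, key_pbe=None, safe_pbe=None, prefix=None):
    """Build argv for 'ssh-certtool ... pkcs12'; PBE names may be short or long."""
    if not files:
        raise ValueError("pkcs12 needs at least one key or certificate file")
    to_short = {long.lower(): short for short, long in PBE.items()}
    argv = ["ssh-certtool"]
    for opt, val in (("KeyPBE", key_pbe), ("SafePBE", safe_pbe)):
        if val is not None:
            c = _canon(val, list(PBE) + list(PBE.values()))
            argv += ["-z", "%s=%s" % (opt, to_short.get(c.lower(), c))]
    if prefix is not None:
        argv += ["-o", prefix]
    return argv + ["pkcs12"] + list(files)


def run_tool(argv):
    """Execute a built command; ssh-certtool prompts for passphrases on the tty."""
    return subprocess.run(argv, check=True).returncode
```

The manual's own example passes keyPBE=default; this checker only accepts the listed scheme names, so leave the option out to get the documented default instead. Note that in the pkcs12 case the checker does not open the key or certificate files, so format problems (PKCS#8 versus PEM, DER versus PEM) are still reported by ssh-certtool itself.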


Copyright (C) 2009 Attachmate Corporation


ssh-certview(1), ssh(1), ssh2_config(5), ssh-keygen(1), scp(1), sftp(1), ssh-add(1), ssh-agent(1), sshd(8), sshd2_config(5), pkid(8), pki_config(5), pki_mapfile(5), pki-val(1)

Additional Reflection for Secure IT documentation is available online from the Attachmate documentation web page:

And from the technical note library: