Generating Audit Signing CSR with PKI NSS - dogtagpki/pki GitHub Wiki
To create a certificate request, prepare a certificate extension configuration (e.g. audit_signing.conf):
authorityKeyIdentifier = keyid:always keyUsage = critical, digitalSignature, nonRepudiation
Then execute the following command:
$ pki nss-cert-request \
--subject "CN=Audit Signing Certificate" \
--ext audit_signing.conf \
--csr audit_signing.csr
Availability: PKI 10.9