Generating OCSP Signing CSR with PKI NSS - dogtagpki/pki GitHub Wiki

Generating CSR

To create a certificate request, prepare a certificate extension configuration (e.g. ocsp_signing.conf):

authorityKeyIdentifier = keyid:always
extendedKeyUsage       = OCSPSigning
noCheck                = ignored

Then execute the following command:

$ pki nss-cert-request \
    --subject "CN=OCSP Signing Certificate" \
    --ext ocsp_signing.conf \
    --csr ocsp_signing.csr

Availability: PKI 10.10

See Also

Tip
 To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.
⚠️ **GitHub.com Fallback** ⚠️