certpatch
alters PEM-encoded X.509 certificates by adding a subjectAltName extension
containing an identity used by the signature-based authentication schemes
of the ISAKMP protocol.
After the addition the certificate will be signed
once again with the supplied CA signing key.
The options are as follows:
-t identity-type
If given, the
-t
option specifies the type of the given identity.
Currently
ipfqdn
and
ufqdn
are recognized.
The default is
ip
-i identity
The
-i
option takes an argument which is the identity to put into the
subjectAltName field of the certificate.
If the identity-type is
ip
this argument should be an IPv4 address in dotted decimal notation.
-k signing-key
The
-k
option specifies the key used for signing the certificate once the
subjectAltName extension has been added.
The key is specified by
the filename where it is stored in PEM format.