This tool generates a Certificate Signing Request (CSR) using a private key from a YubiKey device.
yk-csr-gen [options]
--new-pk,--replace-private-key: Indicates whether to replace the existing private key in the slot. If specified or set to true, a new private key will be generated. (Default:False)--slot,--slot-number <82|83|84|85|86|87|88|89|8A|8B|8C|8D|8E|8F|90|91|92|93|94|95|9A|9C|9D|9E>: The slot number on the YubiKey device to be used for the key generation or retrieval. (Default:9D)--out,--out-file <out-file>: The file path where the generated CSR will be written. If not provided, CSR will be printed to the console.--out-pub,--out-pub-file <out-pub-file>: If specified, the file path where the public key extracted from the CSR will be written.--text: Print CSR to console irrespective of file output option. (Default:False)--text-pub: Print the public key to the console. (Default:False)--hash <1.3.14.3.2.26|2.16.840.1.101.3.4.2.1|2.16.840.1.101.3.4.2.2|2.16.840.1.101.3.4.2.3|SHA1|sha1|SHA256|sha256|SHA384|sha384|SHA512|sha512>: Specifies the hash algorithm to use for the CSR. Supported hash algorithms are SHA1, SHA256, SHA384, and SHA512. OIDs and friendly names (case-insensitive) of the algorithms can be used. (Default:SHA256)--cn,--common-name <common-name>: The Common Name (CN) attribute to be included in the CSR's Distinguished Name (DN).--c,--country,--region <country>: The Country or Region (C) attribute for the CSR's DN.--dc,--domain-component <domain-component>: The Domain Component (DC) attribute for the CSR's DN.--e,--email <email>: The Email Address (E) attribute for the CSR's DN.--city,--l,--locality <locality>: The Locality (L) attribute for the CSR's DN, typically represents the city or locality.--organizational-unit,--ou <organizational-unit>: The Organizational Unit (OU) attribute for the CSR's DN, typically represents the department within an organization.--o,--organization <organization>: The Organization (O) attribute for the CSR's DN.--province,--st,--state <province>: The State or Province (ST) attribute for the CSR's DN.--s-dns,--san-dns <san-dns>: [Multiple] DNS name to be added to the Subject Alternative Name (SAN) extension.--s-e,--san-email <san-email>: [Multiple] Email address to be added to the SAN extension.--s-ip,--san-ip <san-ip>: [Multiple] IP address to be added to the SAN extension.--s-uri,--san-uri <san-uri>: [Multiple] URI to be added to the SAN extension.--s-upn,--san-user-principal-name <san-user-principal-name>: [Multiple] User Principal Name (UPN) to be added to the SAN extension.--oid <oid>: [EXPERIMENTAL] [Multiple] Specify custom OID values in the form of o.i.d=value.--version: Show version information.-?, -h, --help: Show help and usage information.