The Subject Alternative Names to be included in the PKI certificate (in a comma-separated list) (if CSR is supplied this flag is ignored and any DNS.* names are taken from it)

The name of the PKI certificate issuer

The common name to be included in the PKI certificate (if CSR is supplied this flag is ignored and the CSR subject CN is taken)

Certificate Signing Request contents encoded in base64 to generate the certificate with

A comma-separated list of extended key usage requests which will be used for certificate issuance. Supported values: 'clientauth', 'serverauth', 'codesigning'. If critical is present the extension will be marked as critical

A json string that defines the requested extra extensions for the certificate

PKI key file contents. If this option is used, the certificate will be printed to stdout

Authentication token (see /auth and /configure)

Updated certificate lifetime in seconds (must be less than the Certificate Issuer default TTL)

The universal identity token, Required only for universal_identity authentication

The URI Subject Alternative Names to be included in the PKI certificate (in a comma-separated list) (if CSR is supplied this flag is ignored and any URI.* names are taken from it)