Use the GSKCapiCmd tool. GSKCapiCmd is a tool that manages keys, certificates,
and certificate requests within a CMS key database. The tool has all of the
functionality that the existing GSKit Java command line tool has, except GSKCapiCmd
supports CMS and PKCS11 key databases. If you plan to manage key databases
other than CMS or PKCS11, use the existing Java tool. You can use GSKCapiCmd
to manage all aspects of a CMS key database. GSKCapiCmd does not require Java
to be installed on the system.
gsk7capicmd -certreq -create -db <name> [-crypto <module name> [-tokenlabel <token label>]]
[-pw <passwd>] -label <label> -dn <dist name> [-size ,2048 | 1024 | 512>] -file <name> [-secondaryDB
<filename> -secondaryDBpw <password>] [-fips] [-sigalg <md5 | sha1]