Use the GSKCapiCmd tool. GSKCapiCmd is a tool that manages
keys, certificates, and certificate requests within a CMS key database.
The tool has all of the functionality that the existing GSKit Java
command line tool has, except GSKCapiCmd supports CMS and PKCS11 key
databases. If you plan to manage key databases other than CMS or PKCS11,
use the existing Java tool. You can use GSKCapiCmd to manage all aspects
of a CMS key database. GSKCapiCmd does not require Java to be installed
on the system.
gsk7capicmd -certreq -create -db <name> [-crypto <module name> [-tokenlabel <token label>]]
[-pw <passwd>] -label <label> -dn <dist name> [-size <2048 | 1024 | 512>] -file <name> [-secondaryDB
<filename> -secondaryDBpw <password>] [-fips] [-sigalg <md5 | sha1]