The certgen utility allows the user to create digital
certificates in the form runfilename.cer.
Private keys will be placed in [.CDSA.PKD]csp-name.PRI under
the login directory of the current process.
This program is generally called by
CDSA_SYSDIR:[SIGN]CDSA$GEN_CERTS.COM.
SYNOPSIS
certgen [runfilename]
OPTIONS
runfilename
This optional parameter specifies the name of the run file that
contains the parameters that certgen needs to create a certificate.
If no run file is specified, the default run file is
certgen.run in the current directory.
A certgen run file contains the following items,
as appropriate - each on a separate line:
certtype location
certtype can be one of the following:
-s Indicates a self-signed certificate.
-i Indicates a certificate signed by another certificate.
-v Indicates that the created certificate takes its subject and
public key from a certificate issued by another vendor.
You cannot use this option to create a self-signed certificate.
location indicates where the issuer certificate is read
from if -i or -v is specified.
filename
If certtype is -s or -i, filename indicates the location of the
XML template that contains the Subject Name that must go into this
certificate. If certtype is -v, filename indicates the location of
the Vendor Certificate.
algorithm
Indicates the algorithm used to generate the key pair associated
with the certificate being created. algorithm can be either DSA
or RSA. The specified algorithm must be supported by one of the
Cryptographic Service Providers available in the local
implementation of CDSA.
This parameter is not valid if -v is specified for certtype.
keysize
Specifies the logical key size (in bits) of the key pair being
generated. Typical examples are 128, 256, 512, 1024, and so on.
The specified key size must be supported by one of the
Cryptographic Service Providers available in the local
implementation of CDSA.
This parameter is not valid if -v is specified for certtype.
cspguid
The globally unique identifier of the Cryptographic Service
Provider that is being used.
certfile
The output file into which the created certificate is to
be written.
subject_password
The password used to protect a key pair if one is being
generated. This parameter is not valid if -v is specified
for certtype.
issuer_password
The password used to unlock the private key required to
sign the generated certificate.
This parameter is not valid if -s is specified for certtype.
validity_period
The validity period for the certificate. This parameter
contains a start and end date for the validity period in the
form YYMMDDHHMMSS YYMMDDHHMMSS.
The validity period cannot extend beyond the year 2049.
If validity_period is not specified, the validity period for
the certificate lasts for exactly one year.
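Added example, not part of the original help text or of certgen itself: a Python pre-flight check of the parameter rules described above. It takes the parameters as a named dict because the line layout of a run file with omitted items is not specified here, and it assumes YY follows the X.509 UTCTime pivot (00-49 is 20YY, 50-99 is 19YY); all function names and sample values are constructed.

```python
from datetime import datetime

# Parameters the page marks "not valid" for each certtype.
NOT_VALID = {"-s": {"issuer_password"}, "-i": set(),
             "-v": {"algorithm", "keysize", "subject_password"}}

def parse_stamp(stamp):
    """Parse YYMMDDHHMMSS. Assumption: YY uses the X.509 UTCTime pivot
    (00-49 -> 20YY, 50-99 -> 19YY), consistent with the page's 2049 limit."""
    if len(stamp) != 12 or not stamp.isdigit():
        raise ValueError("expected 12 digits YYMMDDHHMMSS: %r" % stamp)
    yy = int(stamp[:2])
    year = 2000 + yy if yy < 50 else 1900 + yy
    mo, dd, hh, mi, ss = (int(stamp[i:i + 2]) for i in range(2, 12, 2))
    return datetime(year, mo, dd, hh, mi, ss)

def check_params(params):
    """Return a list of problems found in a dict of run-file parameters."""
    problems = []
    certtype = params.get("certtype")
    if certtype not in NOT_VALID:
        return ["certtype must be -s, -i or -v, got %r" % certtype]
    for name in sorted(set(params) & NOT_VALID[certtype]):
        problems.append("%s is not valid with certtype %s" % (name, certtype))
    if certtype in ("-i", "-v") and not params.get("location"):
        problems.append("location is required with certtype %s" % certtype)
    if certtype != "-v":
        if params.get("algorithm") not in ("DSA", "RSA"):
            problems.append("algorithm must be DSA or RSA")
        if not str(params.get("keysize", "")).isdigit():
            problems.append("keysize must be a number of bits")
    period = params.get("validity_period")
    if period:  # when omitted, the page says the certificate lasts one year
        try:
            start, end = (parse_stamp(s) for s in period.split())
            if end <= start:
                problems.append("validity_period ends before it starts "
                                "(under the assumed pivot, YY 50-99 is 19YY)")
        except ValueError as exc:
            problems.append("validity_period: %s" % exc)
    return problems

# Constructed sample: an end date meant as 2050 is read as 1950.
SAMPLE = {"certtype": "-i", "location": "issuer.cer", "filename": "subject.xml",
          "algorithm": "DSA", "keysize": "1024",
          "validity_period": "250101000000 500101000000"}

if __name__ == "__main__":
    print(check_params(SAMPLE))
```

Because the run file carries subject_password and issuer_password, restrict read access to it as you would for the private key files.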