es-progress · semseysandor · Jun 14, 2025 · Jun 14, 2025 · Jun 14, 2025
diff --git a/docs/bin.md b/docs/bin.md
@@ -13,14 +13,14 @@ This compression is done by `pigz` which creates standard `gzip` files but sprea
 
 Modes:
 
--   Archive
+- Archive
     1. Copy files to destination dir (`rsync`)
     1. Create single archive file from backed up files (`tar` & `pigz`)
     1. Rotate (delete) old archives (`find`)
--   Quick: only copy files to destination.
--   Snapshot: backup only changed files from last backup.
-    Not changed files get hard-linked from previous run so you can access them normally & restore easily but using way less disk space.
-    This is a quick and efficient way to create many backups.
+- Quick: only copy files to destination.
+- Snapshot: backup only changed files from last backup.
+  Not changed files get hard-linked from previous run so you can access them normally & restore easily but using way less disk space.
+  This is a quick and efficient way to create many backups.
 
 **Usage**
 
@@ -63,10 +63,10 @@ OPTIONAL
 A wrapper and runner for `sysbench`.
 You can design multiple test runs with different test parameters, so you can benchmark the system for:
 
--   CPU
--   Memory
--   Disks
--   Download speed
+- CPU
+- Memory
+- Disks
+- Download speed
 
 in a single script.
 
@@ -118,10 +118,10 @@ OPTIONS
 
 Clean-up temporary and other not needed files to free up disk space:
 
--   Remove unused `apt` packages
--   Remove old snaps
--   Rotate system journal (keep 2 weeks of logs)
--   Flush system caches
+- Remove unused `apt` packages
+- Remove old snaps
+- Rotate system journal (keep 2 weeks of logs)
+- Flush system caches
 
 !!! info
 
@@ -176,10 +176,10 @@ Manages a `pass` password store located inside a `tomb`.
 
 Available actions:
 
--   open: open password store in tomb
--   close: close password store
--   generate: generate a password but not save it as a pass. Useful if you just need a strong key.
--   retrieve: get password from store
+- open: open password store in tomb
+- close: close password store
+- generate: generate a password but not save it as a pass. Useful if you just need a strong key.
+- retrieve: get password from store
 
 **Usage**
 

diff --git a/docs/lib/certificate.md b/docs/lib/certificate.md
@@ -18,7 +18,7 @@ Subject example: `/C=CountryCode/ST=State/L=City/O=Your Company/CN=Your site URL
 **Usage**
 
 ```
-cert-create KEY SUBJECT CA_KEY CA_CERT CERT VALIDITY
+cert-create KEY SUBJECT CA_KEY CA_CERT CERT VALIDITY [KEY_TYPE]
 
 Params:
 KEY                Filename of private key
@@ -27,6 +27,8 @@ CA_KEY             Filename of CA private key to sign a certificate with
 CA_CERT            Filename of CA certificate to be used for signing
 CERT               Filename for newly created certificate
 VALIDITY           Certificate validity in days
+KEY_TYPE           Comma-separated list of private key algorithm and options.
+                   Default: RSA,rsa_keygen_bits:4096
 ```
 
 ---

diff --git a/docs/nav.md b/docs/nav.md
@@ -1,19 +1,19 @@
--   [Home](index.md)
--   [Installation](install.md)
--   Reference
-    -   [Bin](bin.md)
-    -   Lib
-        -   [Analytics](lib/analytics.md)
-        -   [Certificates](lib/certificate.md)
-        -   [Database](lib/db.md)
-        -   [Dev Tools](lib/dev.md)
-        -   [Error Handling](lib/error.md)
-        -   [Files](lib/files.md)
-        -   [Git](lib/git.md)
-        -   [GitHub CLI](lib/github.md)
-        -   [Loader](lib/_loader.md)
-        -   [Network](lib/network.md)
-        -   [Process](lib/process.md)
-        -   [SSH](lib/ssh.md)
-        -   [Text Processing](lib/text.md)
-        -   [User Interface](lib/ui.md)
+- [Home](index.md)
+- [Installation](install.md)
+- Reference
+    - [Bin](bin.md)
+    - Lib
+        - [Analytics](lib/analytics.md)
+        - [Certificates](lib/certificate.md)
+        - [Database](lib/db.md)
+        - [Dev Tools](lib/dev.md)
+        - [Error Handling](lib/error.md)
+        - [Files](lib/files.md)
+        - [Git](lib/git.md)
+        - [GitHub CLI](lib/github.md)
+        - [Loader](lib/_loader.md)
+        - [Network](lib/network.md)
+        - [Process](lib/process.md)
+        - [SSH](lib/ssh.md)
+        - [Text Processing](lib/text.md)
+        - [User Interface](lib/ui.md)
diff --git a/lib/certificate.sh b/lib/certificate.sh
@@ -129,18 +129,31 @@ cert-selfsigned() {
 ## @param    $4  CA cert path
 ## @param    $5  Certificate path
 ## @param    $6  Validity in days
-####################################
+## @param    $7  Private key options, comma-separated
+##               first item is algorithm, then any number of options
+##               default: RSA,rsa_keygen_bits:4096
+####################################################################
 cert-create() {
     local priv_key="${1?:Private key path missing}"
     local subject="${2?:CSR subject missing}"
     local ca_priv_key="${3?:CA private key path missing}"
     local ca_cert="${4?:CA cert path missing}"
     local cert="${5?:Certificate path missing}"
     local validity="${6?:Valid days missing}"
-    local csr
+    local priv_key_type="${7:-RSA,rsa_keygen_bits:4096}"
+    local csr key_opts option
+    local priv_key_options=()
+
+    # Parse comma-separated private key options
+    IFS=',' read -ra key_opts <<< "${priv_key_type}"
+    priv_key_options=(-newkey "${key_opts[0]}")
+    unset 'key_opts[0]'
+    for option in "${key_opts[@]}"; do
+        priv_key_options+=(-pkeyopt "${option}")
+    done
 
     csr=$(mktemp)
-    csr-create "${priv_key}" "${csr}" "${subject}"
+    csr-create "${priv_key}" "${csr}" "${subject}" "${priv_key_options[@]}"
     csr-sign "${ca_priv_key}" "${ca_cert}" "${csr}" "${cert}" "${validity}"
 }