Lines Matching refs:certificate

65 The B<x509> command is a multi purpose certificate utility. It can be
66 used to display certificate information, convert certificates to
67 various forms, sign certificate requests like a "mini CA" or edit
68 certificate trust settings.
82 certificate but this can change if other options such as B<-req> are
83 present. The DER format is the DER encoding of the certificate and PEM
95 This specifies the input filename to read a certificate from or standard input
128 prints out the certificate in text form. Full details are output including the
145 outputs the certificate's SubjectPublicKeyInfo block in PEM format.
150 contained in the certificate.
154 outputs the certificate serial number.
158 outputs the "hash" of the certificate subject name. This is used in OpenSSL to
164 outputs the "hash" of the certificate issuer name.
176 outputs the "hash" of the certificate subject name using the older algorithm
181 outputs the "hash" of the certificate issuer name using the older algorithm
209 prints out the start date of the certificate, that is the notBefore date.
213 prints out the expiry date of the certificate, that is the notAfter date.
217 prints out the start and expiry dates of a certificate.
221 checks if the certificate expires within the next B<arg> seconds and exits
226 prints out the digest of the DER encoded version of the whole certificate
231 this outputs the certificate in the form of a C source file.
239 A B<trusted certificate> is an ordinary certificate which has several
241 and prohibited uses of the certificate and an "alias".
243 Normally when a certificate is being verified at least one certificate
244 must be "trusted". By default a trusted certificate must be stored
245 locally and must be a root CA: any certificate chain ending in this CA
256 certificate: not just root CAs.
263 this causes B<x509> to output a B<trusted> certificate. An ordinary
264 or trusted certificate can be input but by default an ordinary
265 certificate is output and any trust settings are discarded. With the
266 B<-trustout> option a trusted certificate is output. A trusted
267 certificate is automatically output if any trust settings are modified.
271 sets the alias of the certificate. This will allow the certificate
276 outputs the certificate alias, if any.
280 clears all the permitted or trusted uses of the certificate.
284 clears all the prohibited or rejected uses of the certificate.
288 adds a trusted certificate use. Any object name can be used here
300 this option performs tests on the certificate extensions and outputs
318 If the input file is a certificate it sets the issuer name to the
322 by the B<-days> option. Any certificate extensions are retained unless
325 If the input is a certificate request then a self signed certificate
336 delete any extensions from a certificate. This option is used when a
337 certificate is being created from another certificate (for example with
348 specifies the number of days to make a certificate valid for. The default
353 converts a certificate into a certificate request. The B<-signkey> option
358 by default a certificate is expected on input. With this option a
359 certificate request is expected instead.
373 specifies the CA certificate to be used for signing. When this option is
379 B<-req> option the input is a certificate which must be self signed.
383 sets the CA private key to sign a certificate with. If this option is
385 the CA certificate file.
391 When the B<-CA> option is used to sign a certificate it uses a serial
396 The default filename consists of the CA certificate file base name with
397 ".srl" appended. For example if the CA certificate file is called 
403 it will contain the serial number "02" and the certificate being signed will
409 file containing certificate extensions to use. If not specified then
410 no extensions are added to the certificate.
414 the section to add certificate extensions from. If this option is not
607 don't give a hexadecimal dump of the certificate signature.
611 don't print out certificate trust information.
619 retain default extension behaviour: attempt to print out unsupported certificate extensions.
623 print an error message for unsupported certificate extensions.
645 Display the contents of a certificate:
649 Display the certificate serial number:
653 Display the certificate subject name:
657 Display the certificate subject name in RFC2253 form:
661 Display the certificate subject name in oneline form on a terminal
666 Display the certificate MD5 fingerprint:
670 Display the certificate SHA1 fingerprint:
674 Convert a certificate from PEM to DER format:
678 Convert a certificate to a certificate request:
682 Convert a certificate request into a self signed certificate using
688 Sign a certificate request using the CA certificate above and add user
689 certificate extensions:
695 Set a certificate to be trusted for SSL client use and change set its alias to
723 The B<-fingerprint> option takes the digest of the DER encoded certificate.
725 digests the fingerprint of a certificate is unique to that certificate and
736 The B<-purpose> option checks the certificate extensions and determines
737 what the certificate can be used for. The actual checks done are rather
745 certificate can be used as a CA. If the CA flag is true then it is a CA,
749 If the basicConstraints extension is absent then the certificate is
751 to the intended use of the certificate. A warning is given in this case
752 because the certificate should really not be regarded as a CA: however
755 If the certificate is a V1 certificate (and thus has no extensions) and
761 made on the uses of the certificate. A CA certificate B<must> have the
765 certificate uses. If this extension is present (whether critical or not)
779 digitalSignature bit set. Netscape certificate type must be absent or it must
785 authentication" OID. Netscape certificate type must be absent or it must have
794 Netscape certificate type must be absent or have the SSL server bit set.
799 authentication" and/or one of the SGC OIDs.  Netscape certificate type must
813 protection" OID. Netscape certificate type must be absent or should have the
814 S/MIME bit set. If the S/MIME bit is not set in netscape certificate type
831 protection" OID. Netscape certificate type must be absent or must have the
849 Extensions in certificates are not transferred to certificate requests and