Lines Matching refs:certificate

212 * Creating a CA certificate::
215 @c * Issuing a proxy certificate::
216 @c * Creating a user certificate::
217 @c * Validating a certificate::
218 @c * Validating a certificate path::
233 certificate processing tasks, path construction, path validation, OCSP
235 secret encrypted), CMS SignedData (certificate signed), and CMS
236 EnvelopedData (certificate encrypted).
246 X.509 v3 certificate standard, as specified in RFC 3280.
252 stored within a so-called certificate. From the beginning X.509 was a
260 There are several flavors of certificate in X.509.
266 Trust anchors are strictly not certificates, but commonly stored in
267 certificates since they are easier to handle then. Trust anchors are the
268 keys that you trust to validate other certificates. This is done by
269 building a path from the certificate you want to validate to any of
274 End entity certificates are the most common type of certificate. End
275 entity certificates can't issue certificates themselves and are used to
281 other certificates, they may be End entity certificates or Certificate
295 Proxy certificates can be limited by policy stored in the certificate to
297 certificate to services (by sending over the certificate and private
302 much, so the user creates a proxy certificate with the policy that it
305 certificate with key over to print service. Later at night will the
307 the print job using the proxy certificate and print the job. Because of
308 the policy (limitation) in the proxy certificate, it can't be used for
316 certificate (EE, CA, Proxy, or any other type), the path construction
319 It starts by looking at who issued the certificate, by name or Key
320 Identifier, and tries to find that certificate while at the same time
323 @node Setting up a CA, Creating a CA certificate, What is X.509 ?, Top
329 certificate}.
331 Creating a CA certificate should be more than just creating a
332 certificate, there is the policy of the CA. If it's just you and your
350 How much process should it be to issue certificates.
356 How to handle certificate revocation, issuing CRLs and maintain OCSP
359 @node Creating a CA certificate, Issuing certificates, Setting up a CA, Top
360 @section Creating a CA certificate
362 This section describes how to create a CA certificate and what to think
365 @subsection Lifetime CA certificate
367 You probably want to create a CA certificate with a long lifetime, 10
369 certificate (as a trust anchor) to all your users once again when the old
378 @subsection Create a CA certificate
380 This command below will create a CA certificate in the file ca.pem.
383 hxtool issue-certificate \
389 --certificate="FILE:ca.pem"
392 @subsection Extending lifetime of a CA certificate
394 You just realised that your CA certificate is going to expire soon and
396 is to extend the lifetime of your CA certificate.
398 The example below will extend the CA certificate 10 years into the
399 future. You should check that this new certificate contains all the
400 special tweaks that the old certificate had.
403 hxtool issue-certificate \
407 --template-certificate="FILE:ca.pem" \
410 --certificate="FILE:new-ca.pem"
415 This example creates a new subordinate certificate authority.
418 hxtool issue-certificate \
419 --ca-certificate=FILE:ca.pem \
423 --certificate="FILE:dev-ca.pem"
427 @node Issuing certificates, Issuing CRLs, Creating a CA certificate, Top
430 First you'll create a CA certificate, after that you have to deal with
431 your users and servers and issue certificates to them.
435 Can receive PKCS10 certificate requests from the users. PKCS10 is a
436 request for a certificate. The user can specify what DN the user wants
457 If you know that the certificate is destroyed then there is no need to
458 revoke the certificate because it can not be used by someone else.
498 hxtool issue-certificate \
509 hxtool issue-certificate \
531 certificate instead.
533 S/MIME certificates can be used in another special way. They can be
535 this is a valid certificate. This is used when you don't want to share
538 hx509 issue-certificate supports adding the email SAN to a certificate by
540 eku. If you want to create a certificate without an email address, the
544 hxtool issue-certificate \
551 An example of a certificate without a subject distinguished name with
555 hxtool issue-certificate \
564 How to create a certificate for a KDC.
567 hxtool issue-certificate \
575 How to create a certificate for a user.
578 hxtool issue-certificate \
586 The jabber server certificate should have a dNSname that is the same as
591 hxtool issue-certificate \
598 The certificate may also contain a jabber identifier (JID) that, if the
601 When storing a JID inside the certificate, both for server and client,
608 hxtool issue-certificate has support for adding a JID to the certificate
612 hxtool issue-certificate \