Lines Matching refs:certificate

63 The B<x509> command is a multi purpose certificate utility. It can be
64 used to display certificate information, convert certificates to
65 various forms, sign certificate requests like a "mini CA" or edit
66 certificate trust settings.
80 certificate but this can change if other options such as B<-req> are
81 present. The DER format is the DER encoding of the certificate and PEM
93 This specifies the input filename to read a certificate from or standard input
126 prints out the certificate in text form. Full details are output including the
144 contained in the certificate.
148 outputs the certificate serial number.
152 outputs the "hash" of the certificate subject name. This is used in OpenSSL to
158 outputs the "hash" of the certificate issuer name.
189 prints out the start date of the certificate, that is the notBefore date.
193 prints out the expiry date of the certificate, that is the notAfter date.
197 prints out the start and expiry dates of a certificate.
201 checks if the certificate expires within the next B<arg> seconds and exits
206 prints out the digest of the DER encoded version of the whole certificate
211 this outputs the certificate in the form of a C source file.
219 A B<trusted certificate> is an ordinary certificate which has several
221 and prohibited uses of the certificate and an "alias".
223 Normally when a certificate is being verified at least one certificate
224 must be "trusted". By default a trusted certificate must be stored
225 locally and must be a root CA: any certificate chain ending in this CA
236 certificate: not just root CAs.
243 this causes B<x509> to output a B<trusted> certificate. An ordinary
244 or trusted certificate can be input but by default an ordinary
245 certificate is output and any trust settings are discarded. With the
246 B<-trustout> option a trusted certificate is output. A trusted
247 certificate is automatically output if any trust settings are modified.
251 sets the alias of the certificate. This will allow the certificate
256 outputs the certificate alias, if any.
260 clears all the permitted or trusted uses of the certificate.
264 clears all the prohibited or rejected uses of the certificate.
268 adds a trusted certificate use. Any object name can be used here
280 this option performs tests on the certificate extensions and outputs
298 If the input file is a certificate it sets the issuer name to the
302 by the B<-days> option. Any certificate extensions are retained unless
305 If the input is a certificate request then a self signed certificate
316 delete any extensions from a certificate. This option is used when a
317 certificate is being created from another certificate (for example with
328 specifies the number of days to make a certificate valid for. The default
333 converts a certificate into a certificate request. The B<-signkey> option
338 by default a certificate is expected on input. With this option a
339 certificate request is expected instead.
353 specifies the CA certificate to be used for signing. When this option is
359 B<-req> option the input is a certificate which must be self signed.
363 sets the CA private key to sign a certificate with. If this option is
365 the CA certificate file.
371 When the B<-CA> option is used to sign a certificate it uses a serial
376 The default filename consists of the CA certificate file base name with
377 ".srl" appended. For example if the CA certificate file is called 
383 it will contain the serial number "02" and the certificate being signed will
389 file containing certificate extensions to use. If not specified then
390 no extensions are added to the certificate.
394 the section to add certificate extensions from. If this option is not
584 don't give a hexadecimal dump of the certificate signature.
588 don't print out certificate trust information.
596 retain default extension behaviour: attempt to print out unsupported certificate extensions.
600 print an error message for unsupported certificate extensions.
622 Display the contents of a certificate:
626 Display the certificate serial number:
630 Display the certificate subject name:
634 Display the certificate subject name in RFC2253 form:
638 Display the certificate subject name in oneline form on a terminal
643 Display the certificate MD5 fingerprint:
647 Display the certificate SHA1 fingerprint:
651 Convert a certificate from PEM to DER format:
655 Convert a certificate to a certificate request:
659 Convert a certificate request into a self signed certificate using
665 Sign a certificate request using the CA certificate above and add user
666 certificate extensions:
672 Set a certificate to be trusted for SSL client use and change set its alias to
700 The B<-fingerprint> option takes the digest of the DER encoded certificate.
702 digests the fingerprint of a certificate is unique to that certificate and
713 The B<-purpose> option checks the certificate extensions and determines
714 what the certificate can be used for. The actual checks done are rather
722 certificate can be used as a CA. If the CA flag is true then it is a CA,
726 If the basicConstraints extension is absent then the certificate is
728 to the intended use of the certificate. A warning is given in this case
729 because the certificate should really not be regarded as a CA: however
732 If the certificate is a V1 certificate (and thus has no extensions) and
738 made on the uses of the certificate. A CA certificate B<must> have the
742 certificate uses. If this extension is present (whether critical or not)
756 digitalSignature bit set. Netscape certificate type must be absent or it must
762 authentication" OID. Netscape certificate type must be absent or it must have
771 Netscape certificate type must be absent or have the SSL server bit set.
776 authentication" and/or one of the SGC OIDs.  Netscape certificate type must
790 protection" OID. Netscape certificate type must be absent or should have the
791 S/MIME bit set. If the S/MIME bit is not set in netscape certificate type
808 protection" OID. Netscape certificate type must be absent or must have the
826 Extensions in certificates are not transferred to certificate requests and