1 2=pod 3 4=head1 NAME 5 6req - PKCS#10 certificate request and certificate generating utility. 7 8=head1 SYNOPSIS 9 10B<openssl> B<req> 11[B<-inform PEM|DER>] 12[B<-outform PEM|DER>] 13[B<-in filename>] 14[B<-passin arg>] 15[B<-out filename>] 16[B<-passout arg>] 17[B<-text>] 18[B<-pubkey>] 19[B<-noout>] 20[B<-verify>] 21[B<-modulus>] 22[B<-new>] 23[B<-rand file(s)>] 24[B<-newkey rsa:bits>] 25[B<-newkey alg:file>] 26[B<-nodes>] 27[B<-key filename>] 28[B<-keyform PEM|DER>] 29[B<-keyout filename>] 30[B<-keygen_engine id>] 31[B<-[digest]>] 32[B<-config filename>] 33[B<-multivalue-rdn>] 34[B<-x509>] 35[B<-days n>] 36[B<-set_serial n>] 37[B<-asn1-kludge>] 38[B<-no-asn1-kludge>] 39[B<-newhdr>] 40[B<-extensions section>] 41[B<-reqexts section>] 42[B<-utf8>] 43[B<-nameopt>] 44[B<-reqopt>] 45[B<-subject>] 46[B<-subj arg>] 47[B<-batch>] 48[B<-verbose>] 49[B<-engine id>] 50 51=head1 DESCRIPTION 52 53The B<req> command primarily creates and processes certificate requests 54in PKCS#10 format. It can additionally create self signed certificates 55for use as root CAs for example. 56 57=head1 COMMAND OPTIONS 58 59=over 4 60 61=item B<-inform DER|PEM> 62 63This specifies the input format. The B<DER> option uses an ASN1 DER encoded 64form compatible with the PKCS#10. The B<PEM> form is the default format: it 65consists of the B<DER> format base64 encoded with additional header and 66footer lines. 67 68=item B<-outform DER|PEM> 69 70This specifies the output format, the options have the same meaning as the 71B<-inform> option. 72 73=item B<-in filename> 74 75This specifies the input filename to read a request from or standard input 76if this option is not specified. A request is only read if the creation 77options (B<-new> and B<-newkey>) are not specified. 78 79=item B<-passin arg> 80 81the input file password source. For more information about the format of B<arg> 82see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 83 84=item B<-out filename> 85 86This specifies the output filename to write to or standard output by 87default. 88 89=item B<-passout arg> 90 91the output file password source. For more information about the format of B<arg> 92see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 93 94=item B<-text> 95 96prints out the certificate request in text form. 97 98=item B<-subject> 99 100prints out the request subject (or certificate subject if B<-x509> is 101specified) 102 103=item B<-pubkey> 104 105outputs the public key. 106 107=item B<-noout> 108 109this option prevents output of the encoded version of the request. 110 111=item B<-modulus> 112 113this option prints out the value of the modulus of the public key 114contained in the request. 115 116=item B<-verify> 117 118verifies the signature on the request. 119 120=item B<-new> 121 122this option generates a new certificate request. It will prompt 123the user for the relevant field values. The actual fields 124prompted for and their maximum and minimum sizes are specified 125in the configuration file and any requested extensions. 126 127If the B<-key> option is not used it will generate a new RSA private 128key using information specified in the configuration file. 129 130=item B<-subj arg> 131 132Replaces subject field of input request with specified data and outputs 133modified request. The arg must be formatted as 134I</type0=value0/type1=value1/type2=...>, 135characters may be escaped by \ (backslash), no spaces are skipped. 136 137=item B<-rand file(s)> 138 139a file or files containing random data used to seed the random number 140generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). 141Multiple files can be specified separated by a OS-dependent character. 142The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for 143all others. 144 145=item B<-newkey arg> 146 147this option creates a new certificate request and a new private 148key. The argument takes one of several forms. B<rsa:nbits>, where 149B<nbits> is the number of bits, generates an RSA key B<nbits> 150in size. If B<nbits> is omitted, i.e. B<-newkey rsa> specified, 151the default key size, specified in the configuration file is used. 152 153All other algorithms support the B<-newkey alg:file> form, where file may be 154an algorithm parameter file, created by the B<genpkey -genparam> command 155or and X.509 certificate for a key with approriate algorithm. 156 157B<param:file> generates a key using the parameter file or certificate B<file>, 158the algorithm is determined by the parameters. B<algname:file> use algorithm 159B<algname> and parameter file B<file>: the two algorithms must match or an 160error occurs. B<algname> just uses algorithm B<algname>, and parameters, 161if neccessary should be specified via B<-pkeyopt> parameter. 162 163B<dsa:filename> generates a DSA key using the parameters 164in the file B<filename>. B<ec:filename> generates EC key (usable both with 165ECDSA or ECDH algorithms), B<gost2001:filename> generates GOST R 16634.10-2001 key (requires B<ccgost> engine configured in the configuration 167file). If just B<gost2001> is specified a parameter set should be 168specified by B<-pkeyopt paramset:X> 169 170 171=item B<-pkeyopt opt:value> 172 173set the public key algorithm option B<opt> to B<value>. The precise set of 174options supported depends on the public key algorithm used and its 175implementation. See B<KEY GENERATION OPTIONS> in the B<genpkey> manual page 176for more details. 177 178=item B<-key filename> 179 180This specifies the file to read the private key from. It also 181accepts PKCS#8 format private keys for PEM format files. 182 183=item B<-keyform PEM|DER> 184 185the format of the private key file specified in the B<-key> 186argument. PEM is the default. 187 188=item B<-keyout filename> 189 190this gives the filename to write the newly created private key to. 191If this option is not specified then the filename present in the 192configuration file is used. 193 194=item B<-nodes> 195 196if this option is specified then if a private key is created it 197will not be encrypted. 198 199=item B<-[digest]> 200 201this specifies the message digest to sign the request with (such as 202B<-md5>, B<-sha1>). This overrides the digest algorithm specified in 203the configuration file. 204 205Some public key algorithms may override this choice. For instance, DSA 206signatures always use SHA1, GOST R 34.10 signatures always use 207GOST R 34.11-94 (B<-md_gost94>). 208 209=item B<-config filename> 210 211this allows an alternative configuration file to be specified, 212this overrides the compile time filename or any specified in 213the B<OPENSSL_CONF> environment variable. 214 215=item B<-subj arg> 216 217sets subject name for new request or supersedes the subject name 218when processing a request. 219The arg must be formatted as I</type0=value0/type1=value1/type2=...>, 220characters may be escaped by \ (backslash), no spaces are skipped. 221 222=item B<-multivalue-rdn> 223 224this option causes the -subj argument to be interpreted with full 225support for multivalued RDNs. Example: 226 227I</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe> 228 229If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>. 230 231=item B<-x509> 232 233this option outputs a self signed certificate instead of a certificate 234request. This is typically used to generate a test certificate or 235a self signed root CA. The extensions added to the certificate 236(if any) are specified in the configuration file. Unless specified 237using the B<set_serial> option, a large random number will be used for 238the serial number. 239 240=item B<-days n> 241 242when the B<-x509> option is being used this specifies the number of 243days to certify the certificate for. The default is 30 days. 244 245=item B<-set_serial n> 246 247serial number to use when outputting a self signed certificate. This 248may be specified as a decimal value or a hex value if preceded by B<0x>. 249It is possible to use negative serial numbers but this is not recommended. 250 251=item B<-extensions section> 252 253=item B<-reqexts section> 254 255these options specify alternative sections to include certificate 256extensions (if the B<-x509> option is present) or certificate 257request extensions. This allows several different sections to 258be used in the same configuration file to specify requests for 259a variety of purposes. 260 261=item B<-utf8> 262 263this option causes field values to be interpreted as UTF8 strings, by 264default they are interpreted as ASCII. This means that the field 265values, whether prompted from a terminal or obtained from a 266configuration file, must be valid UTF8 strings. 267 268=item B<-nameopt option> 269 270option which determines how the subject or issuer names are displayed. The 271B<option> argument can be a single option or multiple options separated by 272commas. Alternatively the B<-nameopt> switch may be used more than once to 273set multiple options. See the L<x509(1)|x509(1)> manual page for details. 274 275=item B<-reqopt> 276 277customise the output format used with B<-text>. The B<option> argument can be 278a single option or multiple options separated by commas. 279 280See discission of the B<-certopt> parameter in the L<B<x509>|x509(1)> 281command. 282 283 284=item B<-asn1-kludge> 285 286by default the B<req> command outputs certificate requests containing 287no attributes in the correct PKCS#10 format. However certain CAs will only 288accept requests containing no attributes in an invalid form: this 289option produces this invalid format. 290 291More precisely the B<Attributes> in a PKCS#10 certificate request 292are defined as a B<SET OF Attribute>. They are B<not OPTIONAL> so 293if no attributes are present then they should be encoded as an 294empty B<SET OF>. The invalid form does not include the empty 295B<SET OF> whereas the correct form does. 296 297It should be noted that very few CAs still require the use of this option. 298 299=item B<-no-asn1-kludge> 300 301Reverses effect of B<-asn1-kludge> 302 303=item B<-newhdr> 304 305Adds the word B<NEW> to the PEM file header and footer lines on the outputted 306request. Some software (Netscape certificate server) and some CAs need this. 307 308=item B<-batch> 309 310non-interactive mode. 311 312=item B<-verbose> 313 314print extra details about the operations being performed. 315 316=item B<-engine id> 317 318specifying an engine (by its unique B<id> string) will cause B<req> 319to attempt to obtain a functional reference to the specified engine, 320thus initialising it if needed. The engine will then be set as the default 321for all available algorithms. 322 323=item B<-keygen_engine id> 324 325specifies an engine (by its unique B<id> string) which would be used 326for key generation operations. 327 328=back 329 330=head1 CONFIGURATION FILE FORMAT 331 332The configuration options are specified in the B<req> section of 333the configuration file. As with all configuration files if no 334value is specified in the specific section (i.e. B<req>) then 335the initial unnamed or B<default> section is searched too. 336 337The options available are described in detail below. 338 339=over 4 340 341=item B<input_password output_password> 342 343The passwords for the input private key file (if present) and 344the output private key file (if one will be created). The 345command line options B<passin> and B<passout> override the 346configuration file values. 347 348=item B<default_bits> 349 350This specifies the default key size in bits. If not specified then 351512 is used. It is used if the B<-new> option is used. It can be 352overridden by using the B<-newkey> option. 353 354=item B<default_keyfile> 355 356This is the default filename to write a private key to. If not 357specified the key is written to standard output. This can be 358overridden by the B<-keyout> option. 359 360=item B<oid_file> 361 362This specifies a file containing additional B<OBJECT IDENTIFIERS>. 363Each line of the file should consist of the numerical form of the 364object identifier followed by white space then the short name followed 365by white space and finally the long name. 366 367=item B<oid_section> 368 369This specifies a section in the configuration file containing extra 370object identifiers. Each line should consist of the short name of the 371object identifier followed by B<=> and the numerical form. The short 372and long names are the same when this option is used. 373 374=item B<RANDFILE> 375 376This specifies a filename in which random number seed information is 377placed and read from, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). 378It is used for private key generation. 379 380=item B<encrypt_key> 381 382If this is set to B<no> then if a private key is generated it is 383B<not> encrypted. This is equivalent to the B<-nodes> command line 384option. For compatibility B<encrypt_rsa_key> is an equivalent option. 385 386=item B<default_md> 387 388This option specifies the digest algorithm to use. Possible values 389include B<md5 sha1 mdc2>. If not present then MD5 is used. This 390option can be overridden on the command line. 391 392=item B<string_mask> 393 394This option masks out the use of certain string types in certain 395fields. Most users will not need to change this option. 396 397It can be set to several values B<default> which is also the default 398option uses PrintableStrings, T61Strings and BMPStrings if the 399B<pkix> value is used then only PrintableStrings and BMPStrings will 400be used. This follows the PKIX recommendation in RFC2459. If the 401B<utf8only> option is used then only UTF8Strings will be used: this 402is the PKIX recommendation in RFC2459 after 2003. Finally the B<nombstr> 403option just uses PrintableStrings and T61Strings: certain software has 404problems with BMPStrings and UTF8Strings: in particular Netscape. 405 406=item B<req_extensions> 407 408this specifies the configuration file section containing a list of 409extensions to add to the certificate request. It can be overridden 410by the B<-reqexts> command line switch. See the 411L<x509v3_config(5)|x509v3_config(5)> manual page for details of the 412extension section format. 413 414=item B<x509_extensions> 415 416this specifies the configuration file section containing a list of 417extensions to add to certificate generated when the B<-x509> switch 418is used. It can be overridden by the B<-extensions> command line switch. 419 420=item B<prompt> 421 422if set to the value B<no> this disables prompting of certificate fields 423and just takes values from the config file directly. It also changes the 424expected format of the B<distinguished_name> and B<attributes> sections. 425 426=item B<utf8> 427 428if set to the value B<yes> then field values to be interpreted as UTF8 429strings, by default they are interpreted as ASCII. This means that 430the field values, whether prompted from a terminal or obtained from a 431configuration file, must be valid UTF8 strings. 432 433=item B<attributes> 434 435this specifies the section containing any request attributes: its format 436is the same as B<distinguished_name>. Typically these may contain the 437challengePassword or unstructuredName types. They are currently ignored 438by OpenSSL's request signing utilities but some CAs might want them. 439 440=item B<distinguished_name> 441 442This specifies the section containing the distinguished name fields to 443prompt for when generating a certificate or certificate request. The format 444is described in the next section. 445 446=back 447 448=head1 DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT 449 450There are two separate formats for the distinguished name and attribute 451sections. If the B<prompt> option is set to B<no> then these sections 452just consist of field names and values: for example, 453 454 CN=My Name 455 OU=My Organization 456 emailAddress=someone@somewhere.org 457 458This allows external programs (e.g. GUI based) to generate a template file 459with all the field names and values and just pass it to B<req>. An example 460of this kind of configuration file is contained in the B<EXAMPLES> section. 461 462Alternatively if the B<prompt> option is absent or not set to B<no> then the 463file contains field prompting information. It consists of lines of the form: 464 465 fieldName="prompt" 466 fieldName_default="default field value" 467 fieldName_min= 2 468 fieldName_max= 4 469 470"fieldName" is the field name being used, for example commonName (or CN). 471The "prompt" string is used to ask the user to enter the relevant 472details. If the user enters nothing then the default value is used if no 473default value is present then the field is omitted. A field can 474still be omitted if a default value is present if the user just 475enters the '.' character. 476 477The number of characters entered must be between the fieldName_min and 478fieldName_max limits: there may be additional restrictions based 479on the field being used (for example countryName can only ever be 480two characters long and must fit in a PrintableString). 481 482Some fields (such as organizationName) can be used more than once 483in a DN. This presents a problem because configuration files will 484not recognize the same name occurring twice. To avoid this problem 485if the fieldName contains some characters followed by a full stop 486they will be ignored. So for example a second organizationName can 487be input by calling it "1.organizationName". 488 489The actual permitted field names are any object identifier short or 490long names. These are compiled into OpenSSL and include the usual 491values such as commonName, countryName, localityName, organizationName, 492organizationalUnitName, stateOrProvinceName. Additionally emailAddress 493is include as well as name, surname, givenName initials and dnQualifier. 494 495Additional object identifiers can be defined with the B<oid_file> or 496B<oid_section> options in the configuration file. Any additional fields 497will be treated as though they were a DirectoryString. 498 499 500=head1 EXAMPLES 501 502Examine and verify certificate request: 503 504 openssl req -in req.pem -text -verify -noout 505 506Create a private key and then generate a certificate request from it: 507 508 openssl genrsa -out key.pem 2048 509 openssl req -new -key key.pem -out req.pem 510 511The same but just using req: 512 513 openssl req -newkey rsa:2048 -keyout key.pem -out req.pem 514 515Generate a self signed root certificate: 516 517 openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem 518 519Example of a file pointed to by the B<oid_file> option: 520 521 1.2.3.4 shortName A longer Name 522 1.2.3.6 otherName Other longer Name 523 524Example of a section pointed to by B<oid_section> making use of variable 525expansion: 526 527 testoid1=1.2.3.5 528 testoid2=${testoid1}.6 529 530Sample configuration file prompting for field values: 531 532 [ req ] 533 default_bits = 2048 534 default_keyfile = privkey.pem 535 distinguished_name = req_distinguished_name 536 attributes = req_attributes 537 x509_extensions = v3_ca 538 539 dirstring_type = nobmp 540 541 [ req_distinguished_name ] 542 countryName = Country Name (2 letter code) 543 countryName_default = AU 544 countryName_min = 2 545 countryName_max = 2 546 547 localityName = Locality Name (eg, city) 548 549 organizationalUnitName = Organizational Unit Name (eg, section) 550 551 commonName = Common Name (eg, YOUR name) 552 commonName_max = 64 553 554 emailAddress = Email Address 555 emailAddress_max = 40 556 557 [ req_attributes ] 558 challengePassword = A challenge password 559 challengePassword_min = 4 560 challengePassword_max = 20 561 562 [ v3_ca ] 563 564 subjectKeyIdentifier=hash 565 authorityKeyIdentifier=keyid:always,issuer:always 566 basicConstraints = CA:true 567 568Sample configuration containing all field values: 569 570 571 RANDFILE = $ENV::HOME/.rnd 572 573 [ req ] 574 default_bits = 2048 575 default_keyfile = keyfile.pem 576 distinguished_name = req_distinguished_name 577 attributes = req_attributes 578 prompt = no 579 output_password = mypass 580 581 [ req_distinguished_name ] 582 C = GB 583 ST = Test State or Province 584 L = Test Locality 585 O = Organization Name 586 OU = Organizational Unit Name 587 CN = Common Name 588 emailAddress = test@email.address 589 590 [ req_attributes ] 591 challengePassword = A challenge password 592 593 594=head1 NOTES 595 596The header and footer lines in the B<PEM> format are normally: 597 598 -----BEGIN CERTIFICATE REQUEST----- 599 -----END CERTIFICATE REQUEST----- 600 601some software (some versions of Netscape certificate server) instead needs: 602 603 -----BEGIN NEW CERTIFICATE REQUEST----- 604 -----END NEW CERTIFICATE REQUEST----- 605 606which is produced with the B<-newhdr> option but is otherwise compatible. 607Either form is accepted transparently on input. 608 609The certificate requests generated by B<Xenroll> with MSIE have extensions 610added. It includes the B<keyUsage> extension which determines the type of 611key (signature only or general purpose) and any additional OIDs entered 612by the script in an extendedKeyUsage extension. 613 614=head1 DIAGNOSTICS 615 616The following messages are frequently asked about: 617 618 Using configuration from /some/path/openssl.cnf 619 Unable to load config info 620 621This is followed some time later by... 622 623 unable to find 'distinguished_name' in config 624 problems making Certificate Request 625 626The first error message is the clue: it can't find the configuration 627file! Certain operations (like examining a certificate request) don't 628need a configuration file so its use isn't enforced. Generation of 629certificates or requests however does need a configuration file. This 630could be regarded as a bug. 631 632Another puzzling message is this: 633 634 Attributes: 635 a0:00 636 637this is displayed when no attributes are present and the request includes 638the correct empty B<SET OF> structure (the DER encoding of which is 0xa0 6390x00). If you just see: 640 641 Attributes: 642 643then the B<SET OF> is missing and the encoding is technically invalid (but 644it is tolerated). See the description of the command line option B<-asn1-kludge> 645for more information. 646 647=head1 ENVIRONMENT VARIABLES 648 649The variable B<OPENSSL_CONF> if defined allows an alternative configuration 650file location to be specified, it will be overridden by the B<-config> command 651line switch if it is present. For compatibility reasons the B<SSLEAY_CONF> 652environment variable serves the same purpose but its use is discouraged. 653 654=head1 BUGS 655 656OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively 657treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour. 658This can cause problems if you need characters that aren't available in 659PrintableStrings and you don't want to or can't use BMPStrings. 660 661As a consequence of the T61String handling the only correct way to represent 662accented characters in OpenSSL is to use a BMPString: unfortunately Netscape 663currently chokes on these. If you have to use accented characters with Netscape 664and MSIE then you currently need to use the invalid T61String form. 665 666The current prompting is not very friendly. It doesn't allow you to confirm what 667you've just entered. Other things like extensions in certificate requests are 668statically defined in the configuration file. Some of these: like an email 669address in subjectAltName should be input by the user. 670 671=head1 SEE ALSO 672 673L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>, 674L<gendsa(1)|gendsa(1)>, L<config(5)|config(5)>, 675L<x509v3_config(5)|x509v3_config(5)> 676 677=cut 678