Normally the DN order of a certificate is the same as the order of the fields in the relevant policy section. The newer control "Xenroll" does not need this option. Since the old control has various security bugs its use is strongly discouraged. It used UniversalStrings for almost everything. This is a legacy option to make ca work with very old versions of the IE certificate enrollment control "certenr3". Check out the POLICY FORMAT section for more information. This is a section in the configuration file which decides which fields should be mandatory or match the CA certificate. This option defines the CA "policy" to use. Possible values include md5, sha1 and mdc2. The number of days to certify the certificate for. The format of the date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure). This allows the expiry date to be explicitly set. This allows the start date to be explicitly set. notextĭon't output the text form of a certificate to the output file. This prints extra details about the operations being performed. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).
#Openssl config file serial number
If -spkac, -ss_cert or -gencrl are given, -selfsign is ignored.Ī consequence of using -selfsign is that the self-signed certificate appears among the entries in the certificate database (see the configuration option database), and uses the same serial number counter as all other certificates sign with the self-signed certificate. Cerificate requests signed with a different key are ignored. Indicates the issued certificates are to be signed with the key the certificate requests were signed with (given with -keyfile). Unix with the 'ps' utility) this option should be used with caution. Since on some systems the command line arguments are visible (e.g.
#Openssl config file password
The password used to encrypt the private key. The format of the data in the private key file. The certificate will be written to a filename consisting of the serial number in hex with ".pem" appended. The certificate details will also be printed out to this file in PEM format (except that -spkac outputs DER format). The output file to output certificates to. If present this should be the last option, all subsequent arguments are assumed to the the names of files containing certificate requests. See the SPKAC FORMAT section for information on the required input and output format. spkac filenameĪ file containing a single Netscape signed public key and challenge and additional field values to be signed by the CA. ss_cert filenameĪ single self signed certificate to be signed by the CA. in filenameĪn input filename containing a single certificate request to be signed by the CA. Specifies the configuration file section to use (overrides default_ca in the ca section). The options descriptions will be divided into each purpose. It can be used to sign certificate requests in a variety of forms and generate CRLs it also maintains a text database of issued certificates and their status. The ca command is a minimal CA application.
Openssl-ca, ca - sample minimal CA application SYNOPSIS
0 kommentar(er)
