OLD | NEW |
1 | 1 |
2 =pod | 2 =pod |
3 | 3 |
4 =head1 NAME | 4 =head1 NAME |
5 | 5 |
6 ca - sample minimal CA application | 6 ca - sample minimal CA application |
7 | 7 |
8 =head1 SYNOPSIS | 8 =head1 SYNOPSIS |
9 | 9 |
10 B<openssl> B<ca> | 10 B<openssl> B<ca> |
(...skipping 187 matching lines...)
198 | 198 |
199 this sets the batch mode. In this mode no questions will be asked | 199 this sets the batch mode. In this mode no questions will be asked |
200 and all certificates will be certified automatically. | 200 and all certificates will be certified automatically. |
201 | 201 |
202 =item B<-extensions section> | 202 =item B<-extensions section> |
203 | 203 |
204 the section of the configuration file containing certificate extensions | 204 the section of the configuration file containing certificate extensions |
205 to be added when a certificate is issued (defaults to B<x509_extensions> | 205 to be added when a certificate is issued (defaults to B<x509_extensions> |
206 unless the B<-extfile> option is used). If no extension section is | 206 unless the B<-extfile> option is used). If no extension section is |
207 present then, a V1 certificate is created. If the extension section | 207 present then, a V1 certificate is created. If the extension section |
208 is present (even if it is empty), then a V3 certificate is created. | 208 is present (even if it is empty), then a V3 certificate is created. See the:w |
| 209 L<x509v3_config(5)|x509v3_config(5)> manual page for details of the |
| 210 extension section format. |
209 | 211 |
210 =item B<-extfile file> | 212 =item B<-extfile file> |
211 | 213 |
212 an additional configuration file to read certificate extensions from | 214 an additional configuration file to read certificate extensions from |
213 (using the default section unless the B<-extensions> option is also | 215 (using the default section unless the B<-extensions> option is also |
214 used). | 216 used). |
215 | 217 |
216 =item B<-engine id> | 218 =item B<-engine id> |
217 | 219 |
218 specifying an engine (by it's unique B<id> string) will cause B<req> | 220 specifying an engine (by its unique B<id> string) will cause B<ca> |
219 to attempt to obtain a functional reference to the specified engine, | 221 to attempt to obtain a functional reference to the specified engine, |
220 thus initialising it if needed. The engine will then be set as the default | 222 thus initialising it if needed. The engine will then be set as the default |
221 for all available algorithms. | 223 for all available algorithms. |
222 | 224 |
223 =item B<-subj arg> | 225 =item B<-subj arg> |
224 | 226 |
225 supersedes subject name given in the request. | 227 supersedes subject name given in the request. |
226 The arg must be formatted as I</type0=value0/type1=value1/type2=...>, | 228 The arg must be formatted as I</type0=value0/type1=value1/type2=...>, |
227 characters may be escaped by \ (backslash), no spaces are skipped. | 229 characters may be escaped by \ (backslash), no spaces are skipped. |
228 | 230 |
(...skipping 63 matching lines...)
292 This is the same as B<crl_compromise> except the revocation reason is set to | 294 This is the same as B<crl_compromise> except the revocation reason is set to |
293 B<CACompromise>. | 295 B<CACompromise>. |
294 | 296 |
295 =item B<-crlexts section> | 297 =item B<-crlexts section> |
296 | 298 |
297 the section of the configuration file containing CRL extensions to | 299 the section of the configuration file containing CRL extensions to |
298 include. If no CRL extension section is present then a V1 CRL is | 300 include. If no CRL extension section is present then a V1 CRL is |
299 created, if the CRL extension section is present (even if it is | 301 created, if the CRL extension section is present (even if it is |
300 empty) then a V2 CRL is created. The CRL extensions specified are | 302 empty) then a V2 CRL is created. The CRL extensions specified are |
301 CRL extensions and B<not> CRL entry extensions. It should be noted | 303 CRL extensions and B<not> CRL entry extensions. It should be noted |
302 that some software (for example Netscape) can't handle V2 CRLs. | 304 that some software (for example Netscape) can't handle V2 CRLs. See |
| 305 L<x509v3_config(5)|x509v3_config(5)> manual page for details of the |
| 306 extension section format. |
303 | 307 |
304 =back | 308 =back |
305 | 309 |
306 =head1 CONFIGURATION FILE OPTIONS | 310 =head1 CONFIGURATION FILE OPTIONS |
307 | 311 |
308 The section of the configuration file containing options for B<ca> | 312 The section of the configuration file containing options for B<ca> |
309 is found as follows: If the B<-name> command line option is used, | 313 is found as follows: If the B<-name> command line option is used, |
310 then it names the section to be used. Otherwise the section to | 314 then it names the section to be used. Otherwise the section to |
311 be used must be named in the B<default_ca> option of the B<ca> section | 315 be used must be named in the B<default_ca> option of the B<ca> section |
312 of the configuration file (or in the default section of the | 316 of the configuration file (or in the default section of the |
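Review bot: the sentence added at new lines 304-306 under B<-crlexts> reads "See L<x509v3_config(5)|x509v3_config(5)> manual page", which drops the article used in the matching sentence added under B<-extensions>. Suggest "See the L<x509v3_config(5)|x509v3_config(5)> manual page for details of the extension section format." so both options use the same wording.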
(...skipping 346 matching lines...)
659 Additional restrictions can be placed on the CA certificate itself. | 663 Additional restrictions can be placed on the CA certificate itself. |
660 For example if the CA certificate has: | 664 For example if the CA certificate has: |
661 | 665 |
662 basicConstraints = CA:TRUE, pathlen:0 | 666 basicConstraints = CA:TRUE, pathlen:0 |
663 | 667 |
664 then even if a certificate is issued with CA:TRUE it will not be valid. | 668 then even if a certificate is issued with CA:TRUE it will not be valid. |
665 | 669 |
666 =head1 SEE ALSO | 670 =head1 SEE ALSO |
667 | 671 |
668 L<req(1)|req(1)>, L<spkac(1)|spkac(1)>, L<x509(1)|x509(1)>, L<CA.pl(1)|CA.pl(1)>
, | 672 L<req(1)|req(1)>, L<spkac(1)|spkac(1)>, L<x509(1)|x509(1)>, L<CA.pl(1)|CA.pl(1)>
, |
669 L<config(5)|config(5)> | 673 L<config(5)|config(5)>, L<x509v3_config(5)|x509v3_config(5)> |
670 | 674 |
671 =cut | 675 =cut |