hx509.texi - OpenGrok cross reference for /freebsd/crypto/heimdal/doc/hx509.texi

Lines Matching full:ca
182 * Setting up a CA::
190 Setting up a CA
193 * Creating a CA certificate::
229 @item CA
232 Registration Authority, i.e., an optional system to which a CA delegates certain management functio…
234 An optional system to which a CA delegates the publication of certificate revocation lists.
250 @node What is X.509 ?, Setting up a CA, Introduction, Top
290 @item Certification Authority (CA) certificates
293 certificates (be it sub-ordinate CA certificates to build an trust anchors
294 or end entity certificates). There is no limit to how many certificates a CA
327 constructed.  Given a certificate (EE, CA, Proxy, or any other type),
331 The process starts by looking at the issuing CA of the certificate, by
335 @node Setting up a CA, Creating a CA certificate, What is X.509 ?, Top
336 @chapter Setting up a CA
340 the next chapter (see: @pxref{Creating a CA certificate}).
342 Creating a CA certificate should be more the just creating a
343 certificate, CA's should define a policy. Again, if you are simply
355 @item How do you trust your CA.
356 @item What is the CA responsibility.
357 @item Review of CA activity.
364 @node Creating a CA certificate, Issuing certificates, Setting up a CA, Top
365 @section Creating a CA certificate
367 This section describes how to create a CA certificate and what to think
370 @subsection Lifetime CA certificate
372 You probably want to create a CA certificate with a long lifetime, 10
375 CA certificate expires. Although a trust anchor can't really expire, not all
383 @subsection Create a CA certificate
385 This command below can be used to generate a self-signed CA certificate.
390     --issue-ca \
394     --certificate="FILE:ca.pem"
397 @subsection Extending the lifetime of a CA certificate
399 You just realised that your CA certificate is going to expire soon and
400 that you need replace it with a new CA. The easiest way to do that
401 is to extend the lifetime of your existing CA certificate.
403 The example below will extend the CA certificate's lifetime by 10 years. 
410     --issue-ca \
412     --template-certificate="FILE:ca.pem" \
414     --ca-private-key=FILE:ca.pem \
415     --certificate="FILE:new-ca.pem"
418 @subsection Subordinate CA
424     --ca-certificate=FILE:ca.pem \
425     --issue-ca \
428     --certificate="FILE:dev-ca.pem"
432 @node Issuing certificates, Issuing CRLs, Creating a CA certificate, Top
435 First you'll create a CA certificate, after that you have to deal with
446 Generate the key for the user. This has the problme that the the CA
474 Certificates that a CA issues may need to be revoked at some stage. As
516 	--signer=FILE:ca.pem
526         --signer=FILE:ca.pem \
625         --ca-certificate="FILE:ca.pem,ca.key" \
637         --ca-certificate="FILE:ca.pem,ca.key" \