openssl-cmp.pod.in - OpenGrok cross reference for /freebsd/crypto/openssl/doc/man1/openssl-cmp.pod.in

Lines Matching refs:CMP
6 openssl-cmp - Certificate Management Protocol (CMP, RFC 4210) application
143 Certificate verification options, for both CMP and TLS:
150 Management Protocol (CMP) as defined in RFC4210.
153 request certificates to be revoked, and perform other types of CMP requests.
171 Section(s) to use within config file defining CMP options.
196 CMP command to execute.
280 the subject DN is used as fallback sender of outgoing CMP messages.
299 the issuer DN is used as fallback recipient of outgoing CMP messages.
363 it is transformed into the respective regular CMP request.
424 Its issuer is used as default recipient in CMP message headers
457 of the CMP server to connect to using HTTP(S).
472 The HTTP(S) proxy server to use for reaching the CMP server unless B<-no_proxy>
493 Distinguished Name (DN) to use in the recipient field of CMP request message
494 headers, i.e., the CMP server (usually the addressed CA).
496 The recipient field in the header of a CMP message is mandatory.
498 the subject of the CMP server certificate given with the B<-srvcert> option,
501 the issuer of the CMP client certificate (B<-cert> option),
509 HTTP path at the CMP server (aka CMP alias) to use for POST requests.
523 Number of seconds a CMP request-response message round trip
544 when validating signature-based protection of CMP response messages.
546 It provides more flexibility than B<-srvcert> because the CMP protection
566 for the own CMP signer certificate (to include in the extraCerts field of
570 CMP message protection) and when validating newly enrolled certificates.
577 The specific CMP server certificate to expect and directly trust (even if it is
578 expired) when verifying signature-based protection of CMP response messages.
582 as default value for the recipient of CMP requests
583 and as default value for the expected sender of CMP responses.
587 Distinguished Name (DN) expected in the sender field of incoming CMP messages.
591 CMP message signer, and attackers are not able to use arbitrary certificates
592 of a trusted PKI hierarchy to fraudulently pose as a CMP server.
602 Ignore key usage restrictions in CMP signer certificates when validating
603 signature-based protection of incoming CMP messages.
604 By default, C<digitalSignature> must be allowed by CMP signer certificates.
678 The client's current CMP signer certificate.
684 The subject of this certificate will be used as sender of outgoing CMP messages,
707 the client-side CMP signer certificate given with the B<-cert> option
756 They can be used as the default CMP signer certificate chain to include.
764 Send request messages without CMP-level protection.
834 for message exchange with CMP server via HTTP.
902 Take the sequence of CMP requests to send to the server from the given file(s)
922 Use a fresh transactionID for CMP request messages read using B<-reqin>,
925 and the CMP server complains that the transaction ID has already been used.
929 Save the sequence of CMP requests created by the client to the given file(s).
940 Process the sequence of CMP responses provided in the given file(s),
953 Save the sequence of actually used CMP responses to the given file(s).
964 Test the client using the internal CMP server mock-up at API level,
976 Act as HTTP-based CMP server mock-up listening on the given local port.
984 Maximum number of CMP (request) messages the CMP HTTP server mock-up
988 detects a CMP-level error that it can successfully answer with an error message.
1070 Send response messages without CMP-level protection.
1093 =head2 Certificate verification options, for both CMP and TLS
1107 When a client obtains from a CMP server CA certificates that it is going to
1109 authentication of the CMP server is particularly critical.
1114 When setting up CMP configurations and experimenting with enrollment options
1116 When the CMP server reports an error the client will by default
1117 check the protection of the CMP response message.
1118 Yet some CMP services tend not to protect negative responses.
1121 For assisting in such cases the CMP client offers a workaround via the
1128 This CMP client implementation comes with demonstrative CMP sections
1155 configuration file or the CMP command-line argument B<-proxy>, for example
1162 Alternatively, CMP messages may be protected in signature-based manner,
1170 By default the CMP IR message type is used, yet CR works equally here.
1208 They assume that a CMP server can be contacted on the local TCP port 80
1212 and sends an initial request message to the local CMP server
1244 =head2 Requesting information from CMP server
1254 For CMP client invocations, in particular for certificate enrollment,