openssl-cmp.pod.in - OpenGrok cross reference for /freebsd/crypto/openssl/doc/man1/openssl-cmp.pod.in

Lines Matching refs:CMP
6 openssl-cmp - Certificate Management Protocol (CMP, RFC 4210) application
143 Certificate verification options, for both CMP and TLS:
150 Management Protocol (CMP) as defined in RFC4210.
153 request certificates to be revoked, and perform other types of CMP requests.
171 Section(s) to use within config file defining CMP options.
196 CMP command to execute.
280 the subject DN is used as fallback sender of outgoing CMP messages.
299 the issuer DN is used as fallback recipient of outgoing CMP messages.
363 it is transformed into the respective regular CMP request.
424 Its issuer is used as default recipient in CMP message headers
457 of the CMP server to connect to using HTTP(S).
469 The HTTP(S) proxy server to use for reaching the CMP server unless B<-no_proxy>
489 Distinguished Name (DN) to use in the recipient field of CMP request message
490 headers, i.e., the CMP server (usually the addressed CA).
492 The recipient field in the header of a CMP message is mandatory.
494 the subject of the CMP server certificate given with the B<-srvcert> option,
497 the issuer of the CMP client certificate (B<-cert> option),
505 HTTP path at the CMP server (aka CMP alias) to use for POST requests.
519 Number of seconds a CMP request-response message round trip
540 when validating signature-based protection of CMP response messages.
542 It provides more flexibility than B<-srvcert> because the CMP protection
562 for the own CMP signer certificate (to include in the extraCerts field of
566 CMP message protection) and when validating newly enrolled certificates.
573 The specific CMP server certificate to expect and directly trust (even if it is
574 expired) when verifying signature-based protection of CMP response messages.
578 as default value for the recipient of CMP requests
579 and as default value for the expected sender of CMP responses.
583 Distinguished Name (DN) expected in the sender field of incoming CMP messages.
587 CMP message signer, and attackers are not able to use arbitrary certificates
588 of a trusted PKI hierarchy to fraudulently pose as a CMP server.
598 Ignore key usage restrictions in CMP signer certificates when validating
599 signature-based protection of incoming CMP messages.
600 By default, C<digitalSignature> must be allowed by CMP signer certificates.
674 The client's current CMP signer certificate.
680 The subject of this certificate will be used as sender of outgoing CMP messages,
703 the client-side CMP signer certificate given with the B<-cert> option
752 They can be used as the default CMP signer certificate chain to include.
760 Send request messages without CMP-level protection.
830 for message exchange with CMP server via HTTP.
898 Take the sequence of CMP requests to send to the server from the given file(s)
918 Use a fresh transactionID for CMP request messages read using B<-reqin>,
921 and the CMP server complains that the transaction ID has already been used.
925 Save the sequence of CMP requests created by the client to the given file(s).
936 Process the sequence of CMP responses provided in the given file(s),
949 Save the sequence of actually used CMP responses to the given file(s).
960 Test the client using the internal CMP server mock-up at API level,
972 Act as HTTP-based CMP server mock-up listening on the given port.
979 Maximum number of CMP (request) messages the CMP HTTP server mock-up
983 detects a CMP-level error that it can successfully answer with an error message.
1065 Send response messages without CMP-level protection.
1088 =head2 Certificate verification options, for both CMP and TLS
1102 When a client obtains from a CMP server CA certificates that it is going to
1104 authentication of the CMP server is particularly critical.
1109 When setting up CMP configurations and experimenting with enrollment options
1111 When the CMP server reports an error the client will by default
1112 check the protection of the CMP response message.
1113 Yet some CMP services tend not to protect negative responses.
1116 For assisting in such cases the CMP client offers a workaround via the
1123 This CMP client implementation comes with demonstrative CMP sections
1150 configuration file or the CMP command-line argument B<-proxy>, for example
1157 Alternatively, CMP messages may be protected in signature-based manner,
1165 By default the CMP IR message type is used, yet CR works equally here.
1203 They assume that a CMP server can be contacted on the local TCP port 80
1207 and sends an initial request message to the local CMP server
1239 =head2 Requesting information from CMP server
1249 For CMP client invocations, in particular for certificate enrollment,