Lines Matching refs:certificate

5 openssl-verification-options - generic X.509 certificate verification options
25 starting from the I<target certificate> that is to be verified
26 and ending in a certificate that due to some policy is trusted.
28 is a high-level specification of the intended use of the target certificate,
57 or Apple's and Microsoft's certificate stores, ...
59 From the OpenSSL perspective, a trust anchor is a certificate
61 uses of a target certificate the certificate may serve as a trust anchor.
79 A certificate, which may be CA certificate or an end-entity certificate,
104 First, a certificate chain is built up starting from the target certificate
108 a certificate with suitable key usage that
109 matches as an issuer of the current "subject" certificate as described below.
110 If there is such a certificate, the first one found that is currently valid
115 When a self-signed certificate has been added, chain construction stops.
118 A candidate issuer certificate matches a subject certificate
125 Its subject name matches the issuer name of the subject certificate.
129 If the subject certificate has an authority key identifier extension,
131 number, and issuer field of the candidate issuer certificate,
136 The certificate signature algorithm used to sign the subject certificate
138 equals the public key algorithm of the candidate issuer certificate.
148 When the certificate chain building process was successful
151 The first step is to check that each certificate is well-formed.
154 The second step is to check the X.509v3 extensions of every certificate
159 The X.509v3 extensions of the target or "leaf" certificate
166 The third step is to check the trust settings on the last certificate
167 (which typically is a self-signed root CA certificate).
169 For compatibility with previous versions of OpenSSL, a self-signed certificate
172 The fourth, and final, step is to check the validity of the certificate chain.
173 For each element in the chain, including the root CA certificate,
177 The certificate signature is checked as well
178 (except for the signature of the typically self-signed root CA certificate,
180 When verifying a certificate signature
181 the keyUsage extension (if present) of the candidate issuer certificate
184 If all operations complete successfully then certificate is considered
185 valid. If any operation fails then the certificate is not valid.
207 Load the specified file which contains a certificate
220 certificate. This is so that the library can extract the IssuerName,
221 hash it, and directly lookup the file to get the issuer certificate.
231 The URI may indicate a single certificate, as well as a collection of them.
237 These certificates are also used when building the server certificate
238 chain (for example with L<openssl-s_server(1)>) or client certificate
249 The certificate verification can be fine-tuned with the following flags.
275 among others, the following certificate well-formedness conditions are checked:
297 The issuer name of any certificate must not be empty.
331 supported by OpenSSL the certificate is rejected (as required by RFC5280).
340 Checks end entity certificate validity by attempting to look up a valid CRL.
367 Set the certificate chain authentication security level to I<level>.
369 public key strength when verifying certificate chains.  For a certificate
384 That is, a chain ending in a certificate that normally would not be trusted
387 This certificate may be self-issued or belong to an intermediate CA.
392 the last certificate in a chain if the certificate is supposedly self-signed.
394 certificate with key usage restrictions not including the keyCertSign bit.
405 When constructing the certificate chain, the trusted certificates specified
429 construct a certificate chain from the target certificate to a trust anchor.
444 Enables certificate policy processing.
460 A high-level specification of the intended use of the target certificate.
464 If peer certificate verification is enabled, by default the TLS implementation
477 Limit the certificate chain to I<num> intermediate CA certificates.
479 end-entity certificate nor the trust-anchor certificate count against the
490 Common Name in the subject certificate.
495 the subject certificate.
507 which in turn implies certificate key usage and extended key usage requirements.
510 to verifying the given certificate chain.
518 Sometimes there may be more than one certificate chain leading to an
519 end-entity certificate.
520 This usually happens when a root or intermediate CA signs a certificate
532 Specify an extra certificate, private key and certificate chain. These behave
539 Specify whether the application should build the certificate chain to be
545 The input format for the extra certificate.
558 certificate extensions, which determine what certificates can be used for.
563 certificate can be used as a CA. If the CA flag is true then it is a CA,
568 which includes the case that it is an X.509v1 certificate,
569 then the certificate is considered to be a "possible CA" and
570 other extensions are checked according to the intended use of the certificate.
577 made on the uses of the certificate. A CA certificate B<must> have the
583 certificate use. If this extension is present (whether critical or not)
594 the certificate validity concept and certificate path validation.
620 The Netscape certificate type must be absent or have the SSL client bit set.
623 the Netscape certificate type must be absent or have the SSL CA bit set.
633 The Netscape certificate type must be absent or have the SSL server bit set.
636 the Netscape certificate type must be absent or have the SSL CA bit set.
652 the Netscape certificate type must be absent or should have the S/MIME bit set.
653 If the S/MIME bit is not set in the Netscape certificate type
658 the Netscape certificate type must be absent or have the S/MIME CA bit set.