proxy-certificates.7 - OpenGrok cross reference for /freebsd/secure/lib/libcrypto/man/man7/proxy-certificates.7

Lines Matching full:proxy
133 .IX Title "PROXY-CERTIFICATES 7ossl"
134 .TH PROXY-CERTIFICATES 7ossl "2023-09-19" "3.0.11" "OpenSSL"
140 proxy\-certificates \- Proxy certificates in OpenSSL
143 Proxy certificates are defined in \s-1RFC 3820.\s0  They are used to
148 The requirements for a valid proxy certificate are:
151 another proxy certificate.
160 .SS "Enabling proxy certificate verification"
161 .IX Subsection "Enabling proxy certificate verification"
162 OpenSSL expects applications that want to use proxy certificates to be
177 .SS "Creating proxy certificates"
178 .IX Subsection "Creating proxy certificates"
179 Creating proxy certificates can be done using the \fBopenssl\-x509\fR\|(1)
183 \&    [ proxy ]
184 \&    # A proxy certificate MUST NEVER be a CA certificate.
188 \&    # The extension which marks this certificate as a proxy
192 It's also possible to specify the proxy extension in a separate section:
227 Note that the proxy policy value is what determines the rights granted
228 to the process during the proxy certificate, and it is up to the
231 With a proxy extension, creating a proxy certificate is a matter of
235 \&    openssl req \-new \-config proxy.cnf \e
236 \&        \-out proxy.req \-keyout proxy.key \e
237 \&        \-subj "/DC=org/DC=openssl/DC=users/CN=proxy"
239 \&    openssl x509 \-req \-CAcreateserial \-in proxy.req \-out proxy.crt \e
241 \&        \-extfile proxy.cnf \-extensions proxy
244 You can also create a proxy certificate using another proxy
246 configuration section for the proxy extensions:
249 \&    openssl req \-new \-config proxy.cnf \e
251 \&        \-subj "/DC=org/DC=openssl/DC=users/CN=proxy/CN=proxy 2"
254 \&        \-CA proxy.crt \-CAkey proxy.key \-days 7 \e
255 \&        \-extfile proxy.cnf \-extensions proxy_2
257 .SS "Using proxy certs in applications"
258 .IX Subsection "Using proxy certs in applications"
259 To interpret proxy policies, the application would normally start with
261 rights by checking the rights against the chain of proxy certificates,
271 so you must be careful to do the proxy policy interpretation at the
327 \&             * It\*(Aqs REALLY important you keep the proxy policy check
332 \&             * certificate, followed by the possible proxy
348 \&                     * to this particular proxy certificate, usually
351 \&                     * this and any subsequent proxy certificate void
369 \&                     * the rights granted by the current proxy
448 To this date, it seems that proxy certificates have only been used in
453 For that reason, OpenSSL requires that applications aware of proxy
456 \&\fBsubjectAltName\fR and \fBissuerAltName\fR are forbidden in proxy
In current file

In project "undefined"

On Google
