openssl-ca.1 - OpenGrok cross reference for /freebsd/secure/usr.bin/openssl/man/openssl-ca.1

Lines Matching full:ca
133 .IX Title "OPENSSL-CA 1ossl"
134 .TH OPENSSL-CA 1ossl "2023-09-22" "3.0.11" "OpenSSL"
140 openssl\-ca \- sample minimal CA application
143 \&\fBopenssl\fR \fBca\fR
207 This command emulates a \s-1CA\s0 application.
220 The descriptions of the \fBca\fR command options are divided into each purpose.
237 \&\fBdefault_ca\fR in the \fBca\fR section).
241 signed by the \s-1CA.\s0
249 A single self-signed certificate to be signed by the \s-1CA.\s0
253 and additional field values to be signed by the \s-1CA.\s0 See the \fB\s-1SPKAC FORMAT\s0\fR
271 The \s-1CA\s0 certificate, which must match with \fB\-keyfile\fR.
278 The \s-1CA\s0 private key to sign certificate requests with.
350 This option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in
352 or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY FORMAT\s0\fR section
521 be used must be named in the \fBdefault_ca\fR option of the \fBca\fR section
524 read directly from the \fBca\fR section:
555 The same as \fB\-cert\fR. It gives the file containing the \s-1CA\s0
560 \&\s-1CA\s0 private key. Mandatory.
598 versions of OpenSSL.  However, to make \s-1CA\s0 certificate roll-over easier,
668 must match the same field in the \s-1CA\s0 certificate. If the value is
692 usually involves creating a \s-1CA\s0 certificate and private key with
697 \&\fIdemoCA/private\fR and \fIdemoCA/newcerts\fR would be created. The \s-1CA\s0
706 \& openssl ca \-in req.pem \-out newcert.pem
712 \& openssl ca \-in sm2.csr \-out sm2.crt \-md sm3 \e
717 Sign a certificate request, using \s-1CA\s0 extensions:
720 \& openssl ca \-in req.pem \-extensions v3_ca \-out newcert.pem
726 \& openssl ca \-gencrl \-out crl.pem
732 \& openssl ca \-infiles req1.pem req2.pem req3.pem
738 \& openssl ca \-spkac spkac.txt
754 \& [ ca ]
755 \& default_ca      = CA_default            # The default ca section
763 \& certificate    = $dir/cacert.pem       # The CA cert
766 \& private_key    = $dir/private/cakey.pem# CA private key
795 \& ./demoCA                       \- main CA directory
796 \& ./demoCA/cacert.pem            \- CA certificate
797 \& ./demoCA/private/cakey.pem     \- CA private key
798 \& ./demoCA/serial                \- CA serial number file
799 \& ./demoCA/serial.old            \- CA serial number backup file
800 \& ./demoCA/index.txt             \- CA text database file
801 \& ./demoCA/index.txt.old         \- CA text database backup file
826 \&\fB\s-1CA\s0.pl\fR helps a little but not very much.
839 This command was originally meant as an example of how to do things in a \s-1CA.\s0
841 It was not supposed to be used as a full blown \s-1CA\s0 itself,
849 is done on the various files and attempts to run more than one \fBopenssl ca\fR
854 request contains a basicConstraints extension with \s-1CA:TRUE\s0 and the
857 a valid \s-1CA\s0 certificate.
859 and including basicConstraints with \s-1CA:FALSE\s0 in the configuration file.
866 Additional restrictions can be placed on the \s-1CA\s0 certificate itself.
867 For example if the \s-1CA\s0 certificate has:
870 \& basicConstraints = CA:TRUE, pathlen:0
873 then even if a certificate is issued with \s-1CA:TRUE\s0 it will not be valid.
901 \&\s-1\fBCA\s0.pl\fR\|(1),