Lines Matching +full:serial +full:- +full:output
18 .\" Set up some character translations and predefined strings. \*(-- will
24 .tr \(*W-
27 . ds -- \(*W-
29 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
37 . ds -- \|\(em\|
52 .\" output yourself in some meaningful fashion.
71 .\" Fear. Run. Save yourself. No user-serviceable parts.
81 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
97 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
98 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
99 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
100 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
101 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
102 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
104 . \" troff and (daisy-wheel) nroff accents
123 . ds d- d\h'-1'\(ga
124 . ds D- D\h'-1'\(hy
133 .IX Title "OPENSSL-X509 1ossl"
134 .TH OPENSSL-X509 1ossl "2023-09-22" "3.0.11" "OpenSSL"
140 openssl\-x509 \- Certificate display and signing command
144 [\fB\-help\fR]
145 [\fB\-in\fR \fIfilename\fR|\fIuri\fR]
146 [\fB\-passin\fR \fIarg\fR]
147 [\fB\-new\fR]
148 [\fB\-x509toreq\fR]
149 [\fB\-req\fR]
150 [\fB\-copy_extensions\fR \fIarg\fR]
151 [\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR]
152 [\fB\-vfyopt\fR \fInm\fR:\fIv\fR]
153 [\fB\-key\fR \fIfilename\fR|\fIuri\fR]
154 [\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR]
155 [\fB\-signkey\fR \fIfilename\fR|\fIuri\fR]
156 [\fB\-out\fR \fIfilename\fR]
157 [\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR]
158 [\fB\-nocert\fR]
159 [\fB\-noout\fR]
160 [\fB\-dateopt\fR]
161 [\fB\-text\fR]
162 [\fB\-certopt\fR \fIoption\fR]
163 [\fB\-fingerprint\fR]
164 [\fB\-alias\fR]
165 [\fB\-serial\fR]
166 [\fB\-startdate\fR]
167 [\fB\-enddate\fR]
168 [\fB\-dates\fR]
169 [\fB\-subject\fR]
170 [\fB\-issuer\fR]
171 [\fB\-nameopt\fR \fIoption\fR]
172 [\fB\-email\fR]
173 [\fB\-hash\fR]
174 [\fB\-subject_hash\fR]
175 [\fB\-subject_hash_old\fR]
176 [\fB\-issuer_hash\fR]
177 [\fB\-issuer_hash_old\fR]
178 [\fB\-ext\fR \fIextensions\fR]
179 [\fB\-ocspid\fR]
180 [\fB\-ocsp_uri\fR]
181 [\fB\-purpose\fR]
182 [\fB\-pubkey\fR]
183 [\fB\-modulus\fR]
184 [\fB\-checkend\fR \fInum\fR]
185 [\fB\-checkhost\fR \fIhost\fR]
186 [\fB\-checkemail\fR \fIhost\fR]
187 [\fB\-checkip\fR \fIipaddr\fR]
188 [\fB\-set_serial\fR \fIn\fR]
189 [\fB\-next_serial\fR]
190 [\fB\-days\fR \fIarg\fR]
191 [\fB\-preserve_dates\fR]
192 [\fB\-subj\fR \fIarg\fR]
193 [\fB\-force_pubkey\fR \fIfilename\fR]
194 [\fB\-clrext\fR]
195 [\fB\-extfile\fR \fIfilename\fR]
196 [\fB\-extensions\fR \fIsection\fR]
197 [\fB\-sigopt\fR \fInm\fR:\fIv\fR]
198 [\fB\-badsig\fR]
199 [\fB\-\f(BIdigest\fB\fR]
200 [\fB\-CA\fR \fIfilename\fR|\fIuri\fR]
201 [\fB\-CAform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR]
202 [\fB\-CAkey\fR \fIfilename\fR|\fIuri\fR]
203 [\fB\-CAkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR]
204 [\fB\-CAserial\fR \fIfilename\fR]
205 [\fB\-CAcreateserial\fR]
206 [\fB\-trustout\fR]
207 [\fB\-setalias\fR \fIarg\fR]
208 [\fB\-clrtrust\fR]
209 [\fB\-addtrust\fR \fIarg\fR]
210 [\fB\-clrreject\fR]
211 [\fB\-addreject\fR \fIarg\fR]
212 [\fB\-rand\fR \fIfiles\fR]
213 [\fB\-writerand\fR \fIfile\fR]
214 [\fB\-engine\fR \fIid\fR]
215 [\fB\-provider\fR \fIname\fR]
216 [\fB\-provider\-path\fR \fIpath\fR]
217 [\fB\-propquery\fR \fIpropq\fR]
220 This command is a multi-purposes certificate handling command.
224 and then self-signing them or signing them like a \*(L"micro \s-1CA\*(R".\s0
230 .SS "Input, Output, and General Purpose Options"
231 .IX Subsection "Input, Output, and General Purpose Options"
232 .IP "\fB\-help\fR" 4
233 .IX Item "-help"
235 .IP "\fB\-in\fR \fIfilename\fR|\fIuri\fR" 4
236 .IX Item "-in filename|uri"
238 or the input file for reading a certificate request if the \fB\-req\fR flag is used.
241 This option cannot be combined with the \fB\-new\fR flag.
242 .IP "\fB\-passin\fR \fIarg\fR" 4
243 .IX Item "-passin arg"
246 see \fBopenssl\-passphrase\-options\fR\|(1).
247 .IP "\fB\-new\fR" 4
248 .IX Item "-new"
250 or certificate request. So the \fB\-in\fR option must not be used in this case.
251 Instead, the \fB\-subj\fR option needs to be given.
252 The public key to include can be given with the \fB\-force_pubkey\fR option
253 and defaults to the key given with the \fB\-key\fR (or \fB\-signkey\fR) option,
254 which implies self-signature.
255 .IP "\fB\-x509toreq\fR" 4
256 .IX Item "-x509toreq"
257 Output a PKCS#10 certificate request (rather than a certificate).
258 The \fB\-key\fR (or \fB\-signkey\fR) option must be used to provide the private key for
259 self-signing; the corresponding public key is placed in the subjectPKInfo field.
262 X.509 extensions to be added can be specified using the \fB\-extfile\fR option.
263 .IP "\fB\-req\fR" 4
264 .IX Item "-req"
267 which must be correctly self-signed.
270 X.509 extensions to be added can be specified using the \fB\-extfile\fR option.
271 .IP "\fB\-copy_extensions\fR \fIarg\fR" 4
272 .IX Item "-copy_extensions arg"
274 when converting from a certificate to a request using the \fB\-x509toreq\fR option
275 or converting from a request to a certificate using the \fB\-req\fR option.
281 The \fB\-ext\fR option can be used to further restrict which extensions to copy.
282 .IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4
283 .IX Item "-inform DER|PEM"
285 See \fBopenssl\-format\-options\fR\|(1) for details.
286 .IP "\fB\-vfyopt\fR \fInm\fR:\fIv\fR" 4
287 .IX Item "-vfyopt nm:v"
289 Names and values of these options are algorithm-specific.
290 .IP "\fB\-key\fR \fIfilename\fR|\fIuri\fR" 4
291 .IX Item "-key filename|uri"
294 Unless \fB\-force_pubkey\fR is given, the corresponding public key is placed in
295 the new certificate or certificate request, resulting in a self-signature.
297 This option cannot be used in conjunction with the \fB\-CA\fR option.
299 It sets the issuer name to the subject name (i.e., makes it self-issued)
301 by \fB\-force_pubkey\fR).
302 Unless the \fB\-preserve_dates\fR option is supplied,
304 and the end date to a value determined by the \fB\-days\fR option.
305 .IP "\fB\-signkey\fR \fIfilename\fR|\fIuri\fR" 4
306 .IX Item "-signkey filename|uri"
307 This option is an alias of \fB\-key\fR.
308 .IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4
309 .IX Item "-keyform DER|PEM|P12|ENGINE"
311 See \fBopenssl\-format\-options\fR\|(1) for details.
312 .IP "\fB\-out\fR \fIfilename\fR" 4
313 .IX Item "-out filename"
314 This specifies the output filename to write to or standard output by default.
315 .IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4
316 .IX Item "-outform DER|PEM"
317 The output format; the default is \fB\s-1PEM\s0\fR.
318 See \fBopenssl\-format\-options\fR\|(1) for details.
319 .IP "\fB\-nocert\fR" 4
320 .IX Item "-nocert"
321 Do not output a certificate (except for printing as requested by below options).
322 .IP "\fB\-noout\fR" 4
323 .IX Item "-noout"
324 This option prevents output except for printing as requested by below options.
327 Note: the \fB\-alias\fR and \fB\-purpose\fR options are also printing options
329 .IP "\fB\-dateopt\fR" 4
330 .IX Item "-dateopt"
331 Specify the date output format. Values are: rfc_822 and iso_8601.
333 .IP "\fB\-text\fR" 4
334 .IX Item "-text"
336 public key, signature algorithms, issuer and subject names, serial number
338 .IP "\fB\-certopt\fR \fIoption\fR" 4
339 .IX Item "-certopt option"
340 Customise the print format used with \fB\-text\fR. The \fIoption\fR argument
342 The \fB\-certopt\fR switch may be also be used more than once to set multiple
344 .IP "\fB\-fingerprint\fR" 4
345 .IX Item "-fingerprint"
346 Calculates and prints the digest of the \s-1DER\s0 encoded version of the entire
351 .IP "\fB\-alias\fR" 4
352 .IX Item "-alias"
354 .IP "\fB\-serial\fR" 4
355 .IX Item "-serial"
356 Prints the certificate serial number.
357 .IP "\fB\-startdate\fR" 4
358 .IX Item "-startdate"
360 .IP "\fB\-enddate\fR" 4
361 .IX Item "-enddate"
363 .IP "\fB\-dates\fR" 4
364 .IX Item "-dates"
366 .IP "\fB\-subject\fR" 4
367 .IX Item "-subject"
369 .IP "\fB\-issuer\fR" 4
370 .IX Item "-issuer"
372 .IP "\fB\-nameopt\fR \fIoption\fR" 4
373 .IX Item "-nameopt option"
375 See \fBopenssl\-namedisplay\-options\fR\|(1) for details.
376 .IP "\fB\-email\fR" 4
377 .IX Item "-email"
379 .IP "\fB\-hash\fR" 4
380 .IX Item "-hash"
381 Synonym for \*(L"\-subject_hash\*(R" for backward compatibility reasons.
382 .IP "\fB\-subject_hash\fR" 4
383 .IX Item "-subject_hash"
387 .IP "\fB\-subject_hash_old\fR" 4
388 .IX Item "-subject_hash_old"
391 .IP "\fB\-issuer_hash\fR" 4
392 .IX Item "-issuer_hash"
394 .IP "\fB\-issuer_hash_old\fR" 4
395 .IX Item "-issuer_hash_old"
398 .IP "\fB\-ext\fR \fIextensions\fR" 4
399 .IX Item "-ext extensions"
405 .IP "\fB\-ocspid\fR" 4
406 .IX Item "-ocspid"
407 Prints the \s-1OCSP\s0 hash values for the subject name and public key.
408 .IP "\fB\-ocsp_uri\fR" 4
409 .IX Item "-ocsp_uri"
410 Prints the \s-1OCSP\s0 responder address(es) if any.
411 .IP "\fB\-purpose\fR" 4
412 .IX Item "-purpose"
415 \&\*(L"Certificate Extensions\*(R" in \fBopenssl\-verification\-options\fR\|(1).
416 .IP "\fB\-pubkey\fR" 4
417 .IX Item "-pubkey"
418 Prints the certificate's SubjectPublicKeyInfo block in \s-1PEM\s0 format.
419 .IP "\fB\-modulus\fR" 4
420 .IX Item "-modulus"
425 .IP "\fB\-checkend\fR \fIarg\fR" 4
426 .IX Item "-checkend arg"
429 .IP "\fB\-checkhost\fR \fIhost\fR" 4
430 .IX Item "-checkhost host"
432 .IP "\fB\-checkemail\fR \fIemail\fR" 4
433 .IX Item "-checkemail email"
435 .IP "\fB\-checkip\fR \fIipaddr\fR" 4
436 .IX Item "-checkip ipaddr"
437 Check that the certificate matches the specified \s-1IP\s0 address.
438 .SS "Certificate Output Options"
439 .IX Subsection "Certificate Output Options"
440 .IP "\fB\-set_serial\fR \fIn\fR" 4
441 .IX Item "-set_serial n"
442 Specifies the serial number to use.
443 This option can be used with the \fB\-key\fR, \fB\-signkey\fR, or \fB\-CA\fR options.
444 If used in conjunction with the \fB\-CA\fR option
445 the serial number file (as specified by the \fB\-CAserial\fR option) is not used.
447 The serial number can be decimal or hex (if preceded by \f(CW\*(C`0x\*(C'\fR).
448 .IP "\fB\-next_serial\fR" 4
449 .IX Item "-next_serial"
450 Set the serial to be one more than the number in the certificate.
451 .IP "\fB\-days\fR \fIarg\fR" 4
452 .IX Item "-days arg"
455 Cannot be used together with the \fB\-preserve_dates\fR option.
456 .IP "\fB\-preserve_dates\fR" 4
457 .IX Item "-preserve_dates"
460 Cannot be used together with the \fB\-days\fR option.
461 .IP "\fB\-subj\fR \fIarg\fR" 4
462 .IX Item "-subj arg"
464 When the certificate is self-signed the issuer name is set to the same value.
470 Giving a single \f(CW\*(C`/\*(C'\fR will lead to an empty sequence of RDNs (a NULL-DN).
471 Multi-valued RDNs can be formed by placing a \f(CW\*(C`+\*(C'\fR character instead of a \f(CW\*(C`/…
477 This option can be used in conjunction with the \fB\-force_pubkey\fR option
480 .IP "\fB\-force_pubkey\fR \fIfilename\fR" 4
481 .IX Item "-force_pubkey filename"
484 or given with the \fB\-key\fR (or \fB\-signkey\fR) option.
486 This option is useful for creating self-issued certificates that are not
487 self-signed, for instance when the key cannot be used for signing, such as \s-1DH.\s0
488 It can also be used in conjunction with \fB\-new\fR and \fB\-subj\fR to directly
490 .IP "\fB\-clrext\fR" 4
491 .IX Item "-clrext"
496 the \fB\-clrext\fR option prevents taking over any extensions from the source.
499 .IP "\fB\-extfile\fR \fIfilename\fR" 4
500 .IX Item "-extfile filename"
502 .IP "\fB\-extensions\fR \fIsection\fR" 4
503 .IX Item "-extensions section"
511 .IP "\fB\-sigopt\fR \fInm\fR:\fIv\fR" 4
512 .IX Item "-sigopt nm:v"
515 Names and values provided using this option are algorithm-specific.
516 .IP "\fB\-badsig\fR" 4
517 .IX Item "-badsig"
520 .IP "\fB\-\f(BIdigest\fB\fR" 4
521 .IX Item "-digest"
524 digest, such as the \fB\-fingerprint\fR, \fB\-key\fR, and \fB\-CA\fR options.
525 Any digest supported by the \fBopenssl\-dgst\fR\|(1) command can be used.
526 If not specified then \s-1SHA1\s0 is used with \fB\-fingerprint\fR or
527 the default digest for the signing algorithm is used, typically \s-1SHA256.\s0
528 .SS "Micro-CA Options"
529 .IX Subsection "Micro-CA Options"
530 .IP "\fB\-CA\fR \fIfilename\fR|\fIuri\fR" 4
531 .IX Item "-CA filename|uri"
532 Specifies the \*(L"\s-1CA\*(R"\s0 certificate to be used for signing.
533 When present, this behaves like a \*(L"micro \s-1CA\*(R"\s0 as follows:
534 The subject name of the \*(L"\s-1CA\*(R"\s0 certificate is placed as issuer name in the new
535 certificate, which is then signed using the \*(L"\s-1CA\*(R"\s0 key given as detailed below.
537 This option cannot be used in conjunction with \fB\-key\fR (or \fB\-signkey\fR).
538 This option is normally combined with the \fB\-req\fR option referencing a \s-1CSR.\s0
539 Without the \fB\-req\fR option the input must be an existing certificate
540 unless the \fB\-new\fR option is given, which generates a certificate from scratch.
541 .IP "\fB\-CAform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR," 4
542 .IX Item "-CAform DER|PEM|P12,"
543 The format for the \s-1CA\s0 certificate; unspecified by default.
544 See \fBopenssl\-format\-options\fR\|(1) for details.
545 .IP "\fB\-CAkey\fR \fIfilename\fR|\fIuri\fR" 4
546 .IX Item "-CAkey filename|uri"
547 Sets the \s-1CA\s0 private key to sign a certificate with.
548 The private key must match the public key of the certificate given with \fB\-CA\fR.
549 If this option is not provided then the key must be present in the \fB\-CA\fR input.
550 .IP "\fB\-CAkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4
551 .IX Item "-CAkeyform DER|PEM|P12|ENGINE"
552 The format for the \s-1CA\s0 key; unspecified by default.
553 See \fBopenssl\-format\-options\fR\|(1) for details.
554 .IP "\fB\-CAserial\fR \fIfilename\fR" 4
555 .IX Item "-CAserial filename"
556 Sets the \s-1CA\s0 serial number file to use.
558 When creating a certificate with this option and with the \fB\-CA\fR option,
559 the certificate serial number is stored in the given file.
561 an even number of hex digits with the serial number used last time.
564 The default filename consists of the \s-1CA\s0 certificate file base name with
565 \&\fI.srl\fR appended. For example if the \s-1CA\s0 certificate file is called
566 \&\fImycacert.pem\fR it expects to find a serial number file called
569 If the \fB\-CA\fR option is specified and neither <\-CAserial> or <\-CAcreateserial>
570 is given and the default serial number file does not exist,
572 .IP "\fB\-CAcreateserial\fR" 4
573 .IX Item "-CAcreateserial"
574 With this option and the \fB\-CA\fR option
575 the \s-1CA\s0 serial number file is created if it does not exist.
577 and saved into the serial number file determined as described above.
586 locally and must be a root \s-1CA:\s0 any certificate chain ending in this \s-1CA\s0
589 Trust settings currently are only used with a root \s-1CA.\s0
590 They allow a finer control over the purposes the root \s-1CA\s0 can be used for.
591 For example, a \s-1CA\s0 may be trusted for \s-1SSL\s0 client but not \s-1SSL\s0 server use.
593 See \fBopenssl\-verification\-options\fR\|(1) for more information
598 .IP "\fB\-trustout\fR" 4
599 .IX Item "-trustout"
600 Mark any certificate \s-1PEM\s0 output as <trusted> certificate rather than ordinary.
602 certificate is output and any trust settings are discarded.
603 With the \fB\-trustout\fR option a trusted certificate is output. A trusted
604 certificate is automatically output if any trust settings are modified.
605 .IP "\fB\-setalias\fR \fIarg\fR" 4
606 .IX Item "-setalias arg"
609 .IP "\fB\-clrtrust\fR" 4
610 .IX Item "-clrtrust"
612 .IP "\fB\-addtrust\fR \fIarg\fR" 4
613 .IX Item "-addtrust arg"
620 .IP "\fB\-clrreject\fR" 4
621 .IX Item "-clrreject"
623 .IP "\fB\-addreject\fR \fIarg\fR" 4
624 .IX Item "-addreject arg"
626 It accepts the same values as the \fB\-addtrust\fR option.
629 .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4
630 .IX Item "-rand files, -writerand file"
632 .IP "\fB\-engine\fR \fIid\fR" 4
633 .IX Item "-engine id"
636 .IP "\fB\-provider\fR \fIname\fR" 4
637 .IX Item "-provider name"
639 .IP "\fB\-provider\-path\fR \fIpath\fR" 4
640 .IX Item "-provider-path path"
641 .IP "\fB\-propquery\fR \fIpropq\fR" 4
642 .IX Item "-propquery propq"
662 Don't print out the serial number.
696 \&\s-1ASN1\s0 parse unsupported extensions.
702 The value used by \fBopenssl\-ca\fR\|(1), equivalent to \fBno_issuer\fR, \fBno_pubkey\fR,
712 \& openssl x509 \-in cert.pem \-noout \-text
718 \& openssl x509 \-in cert.pem \-noout \-ext subjectAltName
724 \& openssl x509 \-in cert.pem \-noout \-ext subjectAltName,nsCertType
727 Print the certificate serial number:
730 \& openssl x509 \-in cert.pem \-noout \-serial
736 \& openssl x509 \-in cert.pem \-noout \-subject
739 Print the certificate subject name in \s-1RFC2253\s0 form:
742 \& openssl x509 \-in cert.pem \-noout \-subject \-nameopt RFC2253
746 supporting \s-1UTF8:\s0
749 \& openssl x509 \-in cert.pem \-noout \-subject \-nameopt oneline,\-esc_msb
752 Print the certificate \s-1SHA1\s0 fingerprint:
755 \& openssl x509 \-sha1 \-in cert.pem \-noout \-fingerprint
758 Convert a certificate from \s-1PEM\s0 to \s-1DER\s0 format:
761 \& openssl x509 \-in cert.pem \-inform PEM \-out cert.der \-outform DER
767 \& openssl x509 \-x509toreq \-in cert.pem \-out req.pem \-key key.pem
770 Convert a certificate request into a self-signed certificate using
771 extensions for a \s-1CA:\s0
774 \& openssl x509 \-req \-in careq.pem \-extfile openssl.cnf \-extensions v3_ca \e
775 \& \-key key.pem \-out cacert.pem
778 Sign a certificate request using the \s-1CA\s0 certificate above and add user
782 \& openssl x509 \-req \-in req.pem \-extfile openssl.cnf \-extensions v3_usr \e
783 \& \-CA cacert.pem \-CAkey key.pem \-CAcreateserial
786 Set a certificate to be trusted for \s-1SSL\s0 client use and change set its alias to
787 \&\*(L"Steve's Class 1 \s-1CA\*(R"\s0
790 \& openssl x509 \-in cert.pem \-addtrust clientAuth \e
791 \& \-setalias "Steve\*(Aqs Class 1 CA" \-out trust.pem
795 The conversion to \s-1UTF8\s0 format used with the name options assumes that
796 T61Strings use the \s-1ISO8859\-1\s0 character set. This is wrong but Netscape
797 and \s-1MSIE\s0 do this as do many certificates. So although this is incorrect
800 The \fB\-email\fR option searches the subject name and the subject alternative
814 \&\fBopenssl\-req\fR\|(1),
815 \&\fBopenssl\-ca\fR\|(1),
816 \&\fBopenssl\-genrsa\fR\|(1),
817 \&\fBopenssl\-gendsa\fR\|(1),
818 \&\fBopenssl\-verify\fR\|(1),
822 The hash algorithm used in the \fB\-subject_hash\fR and \fB\-issuer_hash\fR options
823 before OpenSSL 1.0.0 was based on the deprecated \s-1MD5\s0 algorithm and the encoding
825 version of the \s-1DN\s0 using \s-1SHA1.\s0 This means that any directories using the old
826 form must have their links rebuilt using \fBopenssl\-rehash\fR\|(1) or similar.
828 The \fB\-signkey\fR option has been renamed to \fB\-key\fR in OpenSSL 3.0,
831 The \fB\-engine\fR option was deprecated in OpenSSL 3.0.
833 The \fB\-C\fR option was removed in OpenSSL 3.0.
836 Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
840 in the file \s-1LICENSE\s0 in the source distribution or at