xref: /freebsd/crypto/openssl/doc/man1/openssl-ca.pod.in (revision b077aed33b7b6aefca7b17ddb250cf521f938613)
1=pod
2{- OpenSSL::safe::output_do_not_edit_headers(); -}
3
4=head1 NAME
5
6openssl-ca - sample minimal CA application
7
8=head1 SYNOPSIS
9
10B<openssl> B<ca>
11[B<-help>]
12[B<-verbose>]
13[B<-config> I<filename>]
14[B<-name> I<section>]
15[B<-section> I<section>]
16[B<-gencrl>]
17[B<-revoke> I<file>]
18[B<-valid> I<file>]
19[B<-status> I<serial>]
20[B<-updatedb>]
21[B<-crl_reason> I<reason>]
22[B<-crl_hold> I<instruction>]
23[B<-crl_compromise> I<time>]
24[B<-crl_CA_compromise> I<time>]
25[B<-crl_lastupdate> I<date>]
26[B<-crl_nextupdate> I<date>]
27[B<-crldays> I<days>]
28[B<-crlhours> I<hours>]
29[B<-crlsec> I<seconds>]
30[B<-crlexts> I<section>]
31[B<-startdate> I<date>]
32[B<-enddate> I<date>]
33[B<-days> I<arg>]
34[B<-md> I<arg>]
35[B<-policy> I<arg>]
36[B<-keyfile> I<filename>|I<uri>]
37[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
38[B<-key> I<arg>]
39[B<-passin> I<arg>]
40[B<-cert> I<file>]
41[B<-certform> B<DER>|B<PEM>|B<P12>]
42[B<-selfsign>]
43[B<-in> I<file>]
44[B<-inform> B<DER>|<PEM>]
45[B<-out> I<file>]
46[B<-notext>]
47[B<-dateopt>]
48[B<-outdir> I<dir>]
49[B<-infiles>]
50[B<-spkac> I<file>]
51[B<-ss_cert> I<file>]
52[B<-preserveDN>]
53[B<-noemailDN>]
54[B<-batch>]
55[B<-msie_hack>]
56[B<-extensions> I<section>]
57[B<-extfile> I<section>]
58[B<-subj> I<arg>]
59[B<-utf8>]
60[B<-sigopt> I<nm>:I<v>]
61[B<-vfyopt> I<nm>:I<v>]
62[B<-create_serial>]
63[B<-rand_serial>]
64[B<-multivalue-rdn>]
65{- $OpenSSL::safe::opt_r_synopsis -}
66{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
67[I<certreq>...]
68
69=head1 DESCRIPTION
70
71This command emulates a CA application.
72See the B<WARNINGS> especially when considering to use it productively.
73It can be used to sign certificate requests (CSRs) in a variety of forms
74and generate certificate revocation lists (CRLs).
75It also maintains a text database of issued certificates and their status.
76When signing certificates, a single request can be specified
77with the B<-in> option, or multiple requests can be processed by
78specifying a set of B<certreq> files after all options.
79
80Note that there are also very lean ways of generating certificates:
81the B<req> and B<x509> commands can be used for directly creating certificates.
82See L<openssl-req(1)> and L<openssl-x509(1)> for details.
83
84The descriptions of the B<ca> command options are divided into each purpose.
85
86=head1 OPTIONS
87
88=over 4
89
90=item B<-help>
91
92Print out a usage message.
93
94=item B<-verbose>
95
96This prints extra details about the operations being performed.
97
98=item B<-config> I<filename>
99
100Specifies the configuration file to use.
101Optional; for a description of the default value,
102see L<openssl(1)/COMMAND SUMMARY>.
103
104=item B<-name> I<section>, B<-section> I<section>
105
106Specifies the configuration file section to use (overrides
107B<default_ca> in the B<ca> section).
108
109=item B<-in> I<filename>
110
111An input filename containing a single certificate request (CSR) to be
112signed by the CA.
113
114=item B<-inform> B<DER>|B<PEM>
115
116The format of the data in certificate request input files;
117unspecified by default.
118See L<openssl-format-options(1)> for details.
119
120=item B<-ss_cert> I<filename>
121
122A single self-signed certificate to be signed by the CA.
123
124=item B<-spkac> I<filename>
125
126A file containing a single Netscape signed public key and challenge
127and additional field values to be signed by the CA. See the B<SPKAC FORMAT>
128section for information on the required input and output format.
129
130=item B<-infiles>
131
132If present this should be the last option, all subsequent arguments
133are taken as the names of files containing certificate requests.
134
135=item B<-out> I<filename>
136
137The output file to output certificates to. The default is standard
138output. The certificate details will also be printed out to this
139file in PEM format (except that B<-spkac> outputs DER format).
140
141=item B<-outdir> I<directory>
142
143The directory to output certificates to. The certificate will be
144written to a filename consisting of the serial number in hex with
145F<.pem> appended.
146
147=item B<-cert> I<filename>
148
149The CA certificate, which must match with B<-keyfile>.
150
151=item B<-certform> B<DER>|B<PEM>|B<P12>
152
153The format of the data in certificate input files; unspecified by default.
154See L<openssl-format-options(1)> for details.
155
156=item B<-keyfile> I<filename>|I<uri>
157
158The CA private key to sign certificate requests with.
159This must match with B<-cert>.
160
161=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
162
163The format of the private key input file; unspecified by default.
164See L<openssl-format-options(1)> for details.
165
166=item B<-sigopt> I<nm>:I<v>
167
168Pass options to the signature algorithm during sign operations.
169Names and values of these options are algorithm-specific.
170
171=item B<-vfyopt> I<nm>:I<v>
172
173Pass options to the signature algorithm during verify operations.
174Names and values of these options are algorithm-specific.
175
176This often needs to be given while signing too, because the self-signature of
177a certificate signing request (CSR) is verified against the included public key,
178and that verification may need its own set of options.
179
180=item B<-key> I<password>
181
182=for openssl foreign manual ps(1)
183
184The password used to encrypt the private key. Since on some
185systems the command line arguments are visible (e.g., when using
186L<ps(1)> on Unix),
187this option should be used with caution.
188Better use B<-passin>.
189
190=item B<-passin> I<arg>
191
192The key password source for key files and certificate PKCS#12 files.
193For more information about the format of B<arg>
194see L<openssl-passphrase-options(1)>.
195
196=item B<-selfsign>
197
198Indicates the issued certificates are to be signed with the key
199the certificate requests were signed with (given with B<-keyfile>).
200Certificate requests signed with a different key are ignored.
201If B<-spkac>, B<-ss_cert> or B<-gencrl> are given, B<-selfsign> is ignored.
202
203A consequence of using B<-selfsign> is that the self-signed
204certificate appears among the entries in the certificate database
205(see the configuration option B<database>), and uses the same
206serial number counter as all other certificates sign with the
207self-signed certificate.
208
209=item B<-notext>
210
211Don't output the text form of a certificate to the output file.
212
213=item B<-dateopt>
214
215Specify the date output format. Values are: rfc_822 and iso_8601.
216Defaults to rfc_822.
217
218=item B<-startdate> I<date>
219
220This allows the start date to be explicitly set. The format of the
221date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or
222YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In
223both formats, seconds SS and timezone Z must be present.
224
225=item B<-enddate> I<date>
226
227This allows the expiry date to be explicitly set. The format of the
228date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or
229YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In
230both formats, seconds SS and timezone Z must be present.
231
232=item B<-days> I<arg>
233
234The number of days to certify the certificate for.
235
236=item B<-md> I<alg>
237
238The message digest to use.
239Any digest supported by the L<openssl-dgst(1)> command can be used. For signing
240algorithms that do not support a digest (i.e. Ed25519 and Ed448) any message
241digest that is set is ignored. This option also applies to CRLs.
242
243=item B<-policy> I<arg>
244
245This option defines the CA "policy" to use. This is a section in
246the configuration file which decides which fields should be mandatory
247or match the CA certificate. Check out the B<POLICY FORMAT> section
248for more information.
249
250=item B<-msie_hack>
251
252This is a deprecated option to make this command work with very old versions
253of the IE certificate enrollment control "certenr3". It used UniversalStrings
254for almost everything. Since the old control has various security bugs
255its use is strongly discouraged.
256
257=item B<-preserveDN>
258
259Normally the DN order of a certificate is the same as the order of the
260fields in the relevant policy section. When this option is set the order
261is the same as the request. This is largely for compatibility with the
262older IE enrollment control which would only accept certificates if their
263DNs match the order of the request. This is not needed for Xenroll.
264
265=item B<-noemailDN>
266
267The DN of a certificate can contain the EMAIL field if present in the
268request DN, however, it is good policy just having the e-mail set into
269the altName extension of the certificate. When this option is set the
270EMAIL field is removed from the certificate' subject and set only in
271the, eventually present, extensions. The B<email_in_dn> keyword can be
272used in the configuration file to enable this behaviour.
273
274=item B<-batch>
275
276This sets the batch mode. In this mode no questions will be asked
277and all certificates will be certified automatically.
278
279=item B<-extensions> I<section>
280
281The section of the configuration file containing certificate extensions
282to be added when a certificate is issued (defaults to B<x509_extensions>
283unless the B<-extfile> option is used).
284If no X.509 extensions are specified then a V1 certificate is created,
285else a V3 certificate is created.
286See the L<x509v3_config(5)> manual page for details of the
287extension section format.
288
289=item B<-extfile> I<file>
290
291An additional configuration file to read certificate extensions from
292(using the default section unless the B<-extensions> option is also
293used).
294
295=item B<-subj> I<arg>
296
297Supersedes subject name given in the request.
298
299The arg must be formatted as C</type0=value0/type1=value1/type2=...>.
300Special characters may be escaped by C<\> (backslash), whitespace is retained.
301Empty values are permitted, but the corresponding type will not be included
302in the resulting certificate.
303Giving a single C</> will lead to an empty sequence of RDNs (a NULL-DN).
304Multi-valued RDNs can be formed by placing a C<+> character instead of a C</>
305between the AttributeValueAssertions (AVAs) that specify the members of the set.
306Example:
307
308C</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
309
310=item B<-utf8>
311
312This option causes field values to be interpreted as UTF8 strings, by
313default they are interpreted as ASCII. This means that the field
314values, whether prompted from a terminal or obtained from a
315configuration file, must be valid UTF8 strings.
316
317=item B<-create_serial>
318
319If reading serial from the text file as specified in the configuration
320fails, specifying this option creates a new random serial to be used as next
321serial number.
322To get random serial numbers, use the B<-rand_serial> flag instead; this
323should only be used for simple error-recovery.
324
325=item B<-rand_serial>
326
327Generate a large random number to use as the serial number.
328This overrides any option or configuration to use a serial number file.
329
330=item B<-multivalue-rdn>
331
332This option has been deprecated and has no effect.
333
334{- $OpenSSL::safe::opt_r_item -}
335
336{- $OpenSSL::safe::opt_engine_item -}
337
338{- $OpenSSL::safe::opt_provider_item -}
339
340=back
341
342=head1 CRL OPTIONS
343
344=over 4
345
346=item B<-gencrl>
347
348This option generates a CRL based on information in the index file.
349
350=item B<-crl_lastupdate> I<time>
351
352Allows the value of the CRL's lastUpdate field to be explicitly set; if
353this option is not present, the current time is used. Accepts times in
354YYMMDDHHMMSSZ format (the same as an ASN1 UTCTime structure) or
355YYYYMMDDHHMMSSZ format (the same as an ASN1 GeneralizedTime structure).
356
357=item B<-crl_nextupdate> I<time>
358
359Allows the value of the CRL's nextUpdate field to be explicitly set; if
360this option is present, any values given for B<-crldays>, B<-crlhours>
361and B<-crlsec> are ignored. Accepts times in the same formats as
362B<-crl_lastupdate>.
363
364=item B<-crldays> I<num>
365
366The number of days before the next CRL is due. That is the days from
367now to place in the CRL nextUpdate field.
368
369=item B<-crlhours> I<num>
370
371The number of hours before the next CRL is due.
372
373=item B<-crlsec> I<num>
374
375The number of seconds before the next CRL is due.
376
377=item B<-revoke> I<filename>
378
379A filename containing a certificate to revoke.
380
381=item B<-valid> I<filename>
382
383A filename containing a certificate to add a Valid certificate entry.
384
385=item B<-status> I<serial>
386
387Displays the revocation status of the certificate with the specified
388serial number and exits.
389
390=item B<-updatedb>
391
392Updates the database index to purge expired certificates.
393
394=item B<-crl_reason> I<reason>
395
396Revocation reason, where I<reason> is one of: B<unspecified>, B<keyCompromise>,
397B<CACompromise>, B<affiliationChanged>, B<superseded>, B<cessationOfOperation>,
398B<certificateHold> or B<removeFromCRL>. The matching of I<reason> is case
399insensitive. Setting any revocation reason will make the CRL v2.
400
401In practice B<removeFromCRL> is not particularly useful because it is only used
402in delta CRLs which are not currently implemented.
403
404=item B<-crl_hold> I<instruction>
405
406This sets the CRL revocation reason code to B<certificateHold> and the hold
407instruction to I<instruction> which must be an OID. Although any OID can be
408used only B<holdInstructionNone> (the use of which is discouraged by RFC2459)
409B<holdInstructionCallIssuer> or B<holdInstructionReject> will normally be used.
410
411=item B<-crl_compromise> I<time>
412
413This sets the revocation reason to B<keyCompromise> and the compromise time to
414I<time>. I<time> should be in GeneralizedTime format that is I<YYYYMMDDHHMMSSZ>.
415
416=item B<-crl_CA_compromise> I<time>
417
418This is the same as B<crl_compromise> except the revocation reason is set to
419B<CACompromise>.
420
421=item B<-crlexts> I<section>
422
423The section of the configuration file containing CRL extensions to
424include. If no CRL extension section is present then a V1 CRL is
425created, if the CRL extension section is present (even if it is
426empty) then a V2 CRL is created. The CRL extensions specified are
427CRL extensions and B<not> CRL entry extensions.  It should be noted
428that some software (for example Netscape) can't handle V2 CRLs. See
429L<x509v3_config(5)> manual page for details of the
430extension section format.
431
432=back
433
434=head1 CONFIGURATION FILE OPTIONS
435
436The section of the configuration file containing options for this command
437is found as follows: If the B<-name> command line option is used,
438then it names the section to be used. Otherwise the section to
439be used must be named in the B<default_ca> option of the B<ca> section
440of the configuration file (or in the default section of the
441configuration file). Besides B<default_ca>, the following options are
442read directly from the B<ca> section:
443 RANDFILE
444 preserve
445 msie_hack
446With the exception of B<RANDFILE>, this is probably a bug and may
447change in future releases.
448
449Many of the configuration file options are identical to command line
450options. Where the option is present in the configuration file
451and the command line the command line value is used. Where an
452option is described as mandatory then it must be present in
453the configuration file or the command line equivalent (if
454any) used.
455
456=over 4
457
458=item B<oid_file>
459
460This specifies a file containing additional B<OBJECT IDENTIFIERS>.
461Each line of the file should consist of the numerical form of the
462object identifier followed by whitespace then the short name followed
463by whitespace and finally the long name.
464
465=item B<oid_section>
466
467This specifies a section in the configuration file containing extra
468object identifiers. Each line should consist of the short name of the
469object identifier followed by B<=> and the numerical form. The short
470and long names are the same when this option is used.
471
472=item B<new_certs_dir>
473
474The same as the B<-outdir> command line option. It specifies
475the directory where new certificates will be placed. Mandatory.
476
477=item B<certificate>
478
479The same as B<-cert>. It gives the file containing the CA
480certificate. Mandatory.
481
482=item B<private_key>
483
484Same as the B<-keyfile> option. The file containing the
485CA private key. Mandatory.
486
487=item B<RANDFILE>
488
489At startup the specified file is loaded into the random number generator,
490and at exit 256 bytes will be written to it. (Note: Using a RANDFILE is
491not necessary anymore, see the L</HISTORY> section.
492
493=item B<default_days>
494
495The same as the B<-days> option. The number of days to certify
496a certificate for.
497
498=item B<default_startdate>
499
500The same as the B<-startdate> option. The start date to certify
501a certificate for. If not set the current time is used.
502
503=item B<default_enddate>
504
505The same as the B<-enddate> option. Either this option or
506B<default_days> (or the command line equivalents) must be
507present.
508
509=item B<default_crl_hours default_crl_days>
510
511The same as the B<-crlhours> and the B<-crldays> options. These
512will only be used if neither command line option is present. At
513least one of these must be present to generate a CRL.
514
515=item B<default_md>
516
517The same as the B<-md> option. Mandatory except where the signing algorithm does
518not require a digest (i.e. Ed25519 and Ed448).
519
520=item B<database>
521
522The text database file to use. Mandatory. This file must be present
523though initially it will be empty.
524
525=item B<unique_subject>
526
527If the value B<yes> is given, the valid certificate entries in the
528database must have unique subjects.  if the value B<no> is given,
529several valid certificate entries may have the exact same subject.
530The default value is B<yes>, to be compatible with older (pre 0.9.8)
531versions of OpenSSL.  However, to make CA certificate roll-over easier,
532it's recommended to use the value B<no>, especially if combined with
533the B<-selfsign> command line option.
534
535Note that it is valid in some circumstances for certificates to be created
536without any subject. In the case where there are multiple certificates without
537subjects this does not count as a duplicate.
538
539=item B<serial>
540
541A text file containing the next serial number to use in hex. Mandatory.
542This file must be present and contain a valid serial number.
543
544=item B<crlnumber>
545
546A text file containing the next CRL number to use in hex. The crl number
547will be inserted in the CRLs only if this file exists. If this file is
548present, it must contain a valid CRL number.
549
550=item B<x509_extensions>
551
552A fallback to the B<-extensions> option.
553
554=item B<crl_extensions>
555
556A fallback to the B<-crlexts> option.
557
558=item B<preserve>
559
560The same as B<-preserveDN>
561
562=item B<email_in_dn>
563
564The same as B<-noemailDN>. If you want the EMAIL field to be removed
565from the DN of the certificate simply set this to 'no'. If not present
566the default is to allow for the EMAIL filed in the certificate's DN.
567
568=item B<msie_hack>
569
570The same as B<-msie_hack>
571
572=item B<policy>
573
574The same as B<-policy>. Mandatory. See the B<POLICY FORMAT> section
575for more information.
576
577=item B<name_opt>, B<cert_opt>
578
579These options allow the format used to display the certificate details
580when asking the user to confirm signing. All the options supported by
581the B<x509> utilities B<-nameopt> and B<-certopt> switches can be used
582here, except the B<no_signame> and B<no_sigdump> are permanently set
583and cannot be disabled (this is because the certificate signature cannot
584be displayed because the certificate has not been signed at this point).
585
586For convenience the values B<ca_default> are accepted by both to produce
587a reasonable output.
588
589If neither option is present the format used in earlier versions of
590OpenSSL is used. Use of the old format is B<strongly> discouraged because
591it only displays fields mentioned in the B<policy> section, mishandles
592multicharacter string types and does not display extensions.
593
594=item B<copy_extensions>
595
596Determines how extensions in certificate requests should be handled.
597If set to B<none> or this option is not present then extensions are
598ignored and not copied to the certificate. If set to B<copy> then any
599extensions present in the request that are not already present are copied
600to the certificate. If set to B<copyall> then all extensions in the
601request are copied to the certificate: if the extension is already present
602in the certificate it is deleted first. See the B<WARNINGS> section before
603using this option.
604
605The main use of this option is to allow a certificate request to supply
606values for certain extensions such as subjectAltName.
607
608=back
609
610=head1 POLICY FORMAT
611
612The policy section consists of a set of variables corresponding to
613certificate DN fields. If the value is "match" then the field value
614must match the same field in the CA certificate. If the value is
615"supplied" then it must be present. If the value is "optional" then
616it may be present. Any fields not mentioned in the policy section
617are silently deleted, unless the B<-preserveDN> option is set but
618this can be regarded more of a quirk than intended behaviour.
619
620=head1 SPKAC FORMAT
621
622The input to the B<-spkac> command line option is a Netscape
623signed public key and challenge. This will usually come from
624the B<KEYGEN> tag in an HTML form to create a new private key.
625It is however possible to create SPKACs using L<openssl-spkac(1)>.
626
627The file should contain the variable SPKAC set to the value of
628the SPKAC and also the required DN components as name value pairs.
629If you need to include the same component twice then it can be
630preceded by a number and a '.'.
631
632When processing SPKAC format, the output is DER if the B<-out>
633flag is used, but PEM format if sending to stdout or the B<-outdir>
634flag is used.
635
636=head1 EXAMPLES
637
638Note: these examples assume that the directory structure this command
639assumes is already set up and the relevant files already exist. This
640usually involves creating a CA certificate and private key with
641L<openssl-req(1)>, a serial number file and an empty index file and
642placing them in the relevant directories.
643
644To use the sample configuration file below the directories F<demoCA>,
645F<demoCA/private> and F<demoCA/newcerts> would be created. The CA
646certificate would be copied to F<demoCA/cacert.pem> and its private
647key to F<demoCA/private/cakey.pem>. A file F<demoCA/serial> would be
648created containing for example "01" and the empty index file
649F<demoCA/index.txt>.
650
651
652Sign a certificate request:
653
654 openssl ca -in req.pem -out newcert.pem
655
656Sign an SM2 certificate request:
657
658 openssl ca -in sm2.csr -out sm2.crt -md sm3 \
659         -sigopt "distid:1234567812345678" \
660         -vfyopt "distid:1234567812345678"
661
662Sign a certificate request, using CA extensions:
663
664 openssl ca -in req.pem -extensions v3_ca -out newcert.pem
665
666Generate a CRL
667
668 openssl ca -gencrl -out crl.pem
669
670Sign several requests:
671
672 openssl ca -infiles req1.pem req2.pem req3.pem
673
674Certify a Netscape SPKAC:
675
676 openssl ca -spkac spkac.txt
677
678A sample SPKAC file (the SPKAC line has been truncated for clarity):
679
680 SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5
681 CN=Steve Test
682 emailAddress=steve@openssl.org
683 0.OU=OpenSSL Group
684 1.OU=Another Group
685
686A sample configuration file with the relevant sections for this command:
687
688 [ ca ]
689 default_ca      = CA_default            # The default ca section
690
691 [ CA_default ]
692
693 dir            = ./demoCA              # top dir
694 database       = $dir/index.txt        # index file.
695 new_certs_dir  = $dir/newcerts         # new certs dir
696
697 certificate    = $dir/cacert.pem       # The CA cert
698 serial         = $dir/serial           # serial no file
699 #rand_serial    = yes                  # for random serial#'s
700 private_key    = $dir/private/cakey.pem# CA private key
701
702 default_days   = 365                   # how long to certify for
703 default_crl_days= 30                   # how long before next CRL
704 default_md     = md5                   # md to use
705
706 policy         = policy_any            # default policy
707 email_in_dn    = no                    # Don't add the email into cert DN
708
709 name_opt       = ca_default            # Subject name display option
710 cert_opt       = ca_default            # Certificate display option
711 copy_extensions = none                 # Don't copy extensions from request
712
713 [ policy_any ]
714 countryName            = supplied
715 stateOrProvinceName    = optional
716 organizationName       = optional
717 organizationalUnitName = optional
718 commonName             = supplied
719 emailAddress           = optional
720
721=head1 FILES
722
723Note: the location of all files can change either by compile time options,
724configuration file entries, environment variables or command line options.
725The values below reflect the default values.
726
727 /usr/local/ssl/lib/openssl.cnf - master configuration file
728 ./demoCA                       - main CA directory
729 ./demoCA/cacert.pem            - CA certificate
730 ./demoCA/private/cakey.pem     - CA private key
731 ./demoCA/serial                - CA serial number file
732 ./demoCA/serial.old            - CA serial number backup file
733 ./demoCA/index.txt             - CA text database file
734 ./demoCA/index.txt.old         - CA text database backup file
735 ./demoCA/certs                 - certificate output file
736
737=head1 RESTRICTIONS
738
739The text database index file is a critical part of the process and
740if corrupted it can be difficult to fix. It is theoretically possible
741to rebuild the index file from all the issued certificates and a current
742CRL: however there is no option to do this.
743
744V2 CRL features like delta CRLs are not currently supported.
745
746Although several requests can be input and handled at once it is only
747possible to include one SPKAC or self-signed certificate.
748
749=head1 BUGS
750
751This command is quirky and at times downright unfriendly.
752
753The use of an in-memory text database can cause problems when large
754numbers of certificates are present because, as the name implies
755the database has to be kept in memory.
756
757This command really needs rewriting or the required functionality
758exposed at either a command or interface level so that a more user-friendly
759replacement could handle things properly. The script
760B<CA.pl> helps a little but not very much.
761
762Any fields in a request that are not present in a policy are silently
763deleted. This does not happen if the B<-preserveDN> option is used. To
764enforce the absence of the EMAIL field within the DN, as suggested by
765RFCs, regardless the contents of the request' subject the B<-noemailDN>
766option can be used. The behaviour should be more friendly and
767configurable.
768
769Canceling some commands by refusing to certify a certificate can
770create an empty file.
771
772=head1 WARNINGS
773
774This command was originally meant as an example of how to do things in a CA.
775Its code does not have production quality.
776It was not supposed to be used as a full blown CA itself,
777nevertheless some people are using it for this purpose at least internally.
778When doing so, specific care should be taken to
779properly secure the private key(s) used for signing certificates.
780It is advisable to keep them in a secure HW storage such as a smart card or HSM
781and access them via a suitable engine or crypto provider.
782
783This command command is effectively a single user command: no locking
784is done on the various files and attempts to run more than one B<openssl ca>
785command on the same database can have unpredictable results.
786
787The B<copy_extensions> option should be used with caution. If care is
788not taken then it can be a security risk. For example if a certificate
789request contains a basicConstraints extension with CA:TRUE and the
790B<copy_extensions> value is set to B<copyall> and the user does not spot
791this when the certificate is displayed then this will hand the requester
792a valid CA certificate.
793This situation can be avoided by setting B<copy_extensions> to B<copy>
794and including basicConstraints with CA:FALSE in the configuration file.
795Then if the request contains a basicConstraints extension it will be
796ignored.
797
798It is advisable to also include values for other extensions such
799as B<keyUsage> to prevent a request supplying its own values.
800
801Additional restrictions can be placed on the CA certificate itself.
802For example if the CA certificate has:
803
804 basicConstraints = CA:TRUE, pathlen:0
805
806then even if a certificate is issued with CA:TRUE it will not be valid.
807
808=head1 HISTORY
809
810Since OpenSSL 1.1.1, the program follows RFC5280. Specifically,
811certificate validity period (specified by any of B<-startdate>,
812B<-enddate> and B<-days>) and CRL last/next update time (specified by
813any of B<-crl_lastupdate>, B<-crl_nextupdate>, B<-crldays>, B<-crlhours>
814and B<-crlsec>) will be encoded as UTCTime if the dates are
815earlier than year 2049 (included), and as GeneralizedTime if the dates
816are in year 2050 or later.
817
818OpenSSL 1.1.1 introduced a new random generator (CSPRNG) with an improved
819seeding mechanism. The new seeding mechanism makes it unnecessary to
820define a RANDFILE for saving and restoring randomness. This option is
821retained mainly for compatibility reasons.
822
823The B<-section> option was added in OpenSSL 3.0.0.
824
825The B<-multivalue-rdn> option has become obsolete in OpenSSL 3.0.0 and
826has no effect.
827
828The B<-engine> option was deprecated in OpenSSL 3.0.
829
830=head1 SEE ALSO
831
832L<openssl(1)>,
833L<openssl-req(1)>,
834L<openssl-spkac(1)>,
835L<openssl-x509(1)>,
836L<CA.pl(1)>,
837L<config(5)>,
838L<x509v3_config(5)>
839
840=head1 COPYRIGHT
841
842Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
843
844Licensed under the Apache License 2.0 (the "License").  You may not use
845this file except in compliance with the License.  You can obtain a copy
846in the file LICENSE in the source distribution or at
847L<https://www.openssl.org/source/license.html>.
848
849=cut
850