Home
last modified time | relevance | path

Searched refs:certificate (Results 1 – 25 of 517) sorted by relevance

12345678910>>...21

/freebsd/crypto/heimdal/lib/hx509/
H A Dtest_ca.in58 ${hxtool} issue-certificate \
59 --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
62 --certificate="FILE:cert-ee.pem" || exit 1
106 ${hxtool} issue-certificate \
107 --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
111 --certificate="FILE:cert-ee.pem" || exit 1
114 ${hxtool} issue-certificate \
115 --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
120 --certificate="FILE:cert-ee.pem" || exit 1
123 ${hxtool} issue-certificate \
[all …]
H A Dhxtool-commands.in39 long = "certificate"
42 argument = "certificate-store"
43 help = "certificate stores to pull certificates from"
50 help = "certificate to sign with"
55 argument = "certificate-store"
61 argument = "certificate-pool"
62 help = "certificate store to pull certificates from"
115 help = "only embed leaf certificate"
128 argument = "certificate-store"
132 long = "certificate"
[all …]
H A Dtest_cms.in56 --certificate=FILE:$srcdir/data/secp160r2TestClient.pem \
70 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
84 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
106 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
128 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key \
141 --certificate=FILE:$srcdir/data/test.combined.crt \
154 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
169 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
183 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
198 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
[all …]
H A Dtest_windows.in52 ${hxtool} issue-certificate \
58 --certificate="FILE:wca.pem" || exit 1
61 ${hxtool} issue-certificate \
67 --certificate="FILE:wdc.pem" \
70 --ca-certificate=FILE:wca.pem || exit 1
74 ${hxtool} issue-certificate \
81 --certificate="FILE:wuser.pem" \
82 --ca-certificate=FILE:wca.pem || exit 1
/freebsd/crypto/openssl/doc/man3/
H A DX509_STORE_CTX_get_error.pod9 X509_verify_cert_error_string - get or set certificate verification status
30 These functions are typically called after certificate or chain verification
44 nonnegative integer representing where in the certificate chain the error
45 occurred. If it is zero it occurred in the end entity certificate, one if
46 it is the certificate which signed the end entity certificate and so on.
52 X509_STORE_CTX_get_current_cert() returns the current certificate in
53 I<ctx>. If an error occurred, the current certificate will be the one
55 certificate is relevant.
57 X509_STORE_CTX_set_current_cert() sets the certificate I<x> in I<ctx> which
64 If a callback wishes the save the certificate for use after it returns, it
[all …]
H A DSSL_CTX_set_client_cert_cb.pod5 SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certificate callback function
20 called when a client certificate is requested by a server and no certificate
29 set a certificate, a certificate/private key combination must be set
31 certificate will be installed into I<ssl>, see the NOTES and BUGS sections.
32 If no certificate should be set, "0" has to be returned and no certificate
42 During a handshake (or renegotiation) a server may request a certificate
43 from the client. A client certificate must only be sent, when the server
46 When a certificate was set using the
49 certificate is sent, if it matches the list of acceptable CAs sent by the
52 selection routine or to allow a user interaction to choose the certificate to
[all …]
H A DSSL_get_certificate.pod5 SSL_get_certificate, SSL_get_privatekey - retrieve TLS/SSL certificate and
18 certificate used as the local peer's identity.
21 RSA and ECDSA certificates. The certificate which is returned by
28 If it is called before certificate selection has occurred, it returns the most
29 recently added certificate, or NULL if no certificate has been added.
33 After certificate selection has occurred, it returns the certificate which was
34 selected during the handshake, or NULL if no certificate was selected (for
35 example, on a client where no client certificate is in use).
41 will depend on whether that callback is made before or after certificate
45 L<SSL_CTX_set_tlsext_status_cb(3)>. This callback occurs after certificate
[all …]
H A DX509_check_ca.pod5 X509_check_ca - check if given certificate is CA certificate
15 This function checks if given certificate is CA certificate (can be used
16 to sign other certificates). The certificate must be a complete certificate
21 Function return 0, if it is not CA certificate, 1 if it is proper X509v3
22 CA certificate with B<basicConstraints> extension CA:TRUE,
23 3, if it is self-signed X509 v1 certificate, 4, if it is certificate with
26 extension telling that it is CA certificate.
30 Actually, any nonzero value means that this certificate could have been
H A DSSL_CTX_use_certificate.pod16 - load certificate and key data
66 SSL_CTX_use_certificate() loads the certificate B<x> into B<ctx>,
68 certificates needed to form the complete certificate chain can be
73 SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from
75 SSL_use_certificate_ASN1() loads the ASN1 encoded certificate into B<ssl>.
77 SSL_CTX_use_certificate_file() loads the first certificate stored in B<file>
78 into B<ctx>. The formatting B<type> of the certificate must be specified
80 SSL_use_certificate_file() loads the certificate from B<file> into B<ssl>.
84 SSL_CTX_use_certificate_chain_file() loads a certificate chain from
86 be sorted starting with the subject's certificate (actua
[all...]
H A DX509_get_extension_flags.pod15 X509_get_proxy_pathlen - retrieve certificate extension data
35 These functions retrieve information related to commonly used certificate extensions.
37 X509_get_pathlen() retrieves the path length extension from a certificate.
41 X509_get_extension_flags() retrieves general information about a certificate,
48 The certificate is an obsolete version 1 certificate.
52 The certificate contains a basic constraints extension.
56 The certificate contains basic constraints and asserts the CA flag.
60 The certificate is a valid proxy certificate.
64 The certificate is self issued (that is subject and issuer names match).
73 The freshest CRL extension is present in the certificate.
[all …]
H A DSSL_CTX_add1_chain_cert.pod11 chain certificate processing
41 SSL_CTX_set0_chain() and SSL_CTX_set1_chain() set the certificate chain
42 associated with the current certificate of B<ctx> to B<sk>.
45 certificate B<x509> to the chain associated with the current certificate of
49 certificate of B<ctx>.
52 current certificate of B<ctx>. (This is implemented by calling
55 SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx>.
71 (i.e. server or client) certificate. This is the last certificate loaded or
75 certificate, but only if B<x509> has already been loaded into B<ctx> using a
83 SSL_CTX_set_current_cert() changes the current certificate to a value based
[all …]
H A DSSL_CTX_set_verify.pod12 - set various SSL/TLS parameters for peer certificate verification
50 This would be typically done in case the certificate verification was not yet
57 server certificate verification step.
62 SSL_CTX_set_verify_depth() sets the maximum B<depth> for the certificate chain
65 SSL_set_verify_depth() sets the maximum B<depth> for the certificate chain
72 sent. A certificate callback will need to be set via
73 SSL_CTX_set_client_cert_cb() if no certificate is provided at initialization.
88 B<Server mode:> the server will not send a client certificate request to the
89 client, so the client will not send a certificate.
92 server will send a certificate whic
[all...]
H A DSSL_get_peer_certificate.pod7 SSL_get1_peer_certificate - get the X509 certificate of the peer
24 These functions return a pointer to the X509 certificate the
25 peer presented. If the peer did not present a certificate, NULL is returned.
30 certificate, if present. A client will only send a certificate when
35 That a certificate is returned does not indicate information about the
41 containing the peer certificate is freed. The X509 object must be explicitly
57 No certificate was presented by the peer or no connection was established.
59 =item Pointer to an X509 certificate
61 The return value points to the certificate presented by the peer.
H A DSSL_get_peer_cert_chain.pod5 SSL_get_peer_cert_chain, SSL_get0_verified_chain - get the X509 certificate
18 forming the certificate chain sent by the peer. If called on the client side,
19 the stack also contains the peer's certificate; if called on the server
20 side, the peer's certificate must be obtained separately using
22 If the peer did not present a certificate, NULL is returned.
28 SSL_get0_verified_chain() returns the B<verified> certificate chain
29 of the peer including the peer's end entity certificate. It must be called
40 The reference count of each certificate in the returned STACK_OF(X509) object
54 No certificate was presented by the peer or no connection was established
55 or the certificate chain is no longer available when a session is reused.
[all …]
H A DSSL_check_chain.pod5 SSL_check_chain - check certificate chain suitability
15 SSL_check_chain() checks whether certificate B<x>, private key B<pk> and
16 certificate chain B<chain> is suitable for use with the current session
25 If this flag is B<not> set then the certificate will never be used even
31 B<CERT_PKEY_EE_SIGNATURE>: the signature algorithm of the EE certificate is
37 B<CERT_PKEY_EE_PARAM>: the parameters of the end entity certificate are
42 B<CERT_PKEY_EXPLICIT_SIGN>: the end entity certificate algorithm
49 B<CERT_PKEY_CERT_TYPE>: the certificate type is acceptable. Only meaningful
57 clients after a certificate request message. It will typically be called
58 in the certificate callback.
[all …]
H A DOSSL_CMP_exec_certreq.pod55 OSSL_CMP_exec_IR_ses() requests an initial certificate from the given PKI.
57 OSSL_CMP_exec_CR_ses() requests an additional certificate.
59 OSSL_CMP_exec_P10CR_ses() conveys a legacy PKCS#10 CSR requesting a certificate.
61 OSSL_CMP_exec_KUR_ses() obtains an updated certificate.
63 These four types of certificate enrollment are implemented as macros
66 OSSL_CMP_exec_certreq() performs a certificate request of the type specified
68 For IR, CR, and KUR, the certificate template to be used in the request
79 When called for the first time (with no certificate request in progress for
80 the given I<ctx>) it starts a new transaction by sending a certificate request
85 If the requested certificate is available the function returns 1 and the
[all …]
H A DSSL_alert_type_string.pod40 non-fatal errors are certificate errors ("certificate expired",
41 "unsupported certificate"), for which a warning alert may be sent.
99 =item "NC"/"no certificate"
101 A client, that was asked to send a certificate, does not send a certificate
104 =item "BC"/"bad certificate"
106 A certificate was corrupt, contained signatures that did not
109 =item "UC"/"unsupported certificate"
111 A certificate was of an unsupported type.
113 =item "CR"/"certificate revoked"
115 A certificate was revoked by its signer.
[all …]
/freebsd/crypto/openssl/doc/HOWTO/
H A Dcertificates.txt13 This file is for users who wish to get a certificate of their own.
29 keys, so before you create a certificate or a certificate request, you
42 3. Creating a certificate request
44 To create a certificate, you need to start with a certificate request
45 (or, as some certificate authorities like to put it, "certificate
48 policies). A certificate request is sent to a certificate authority
49 to get it signed into a certificate. You can also sign the certificate
50 yourself if you have your own certificate authority or create a
51 self-signed certificate (typically for testing purpose).
53 The certificate request is created like this:
[all …]
/freebsd/crypto/openssl/doc/man1/
H A Dopenssl-x509.pod.in84 This command is a multi-purposes certificate handling command.
85 It can be used to print certificate information,
86 convert certificates to various forms, edit certificate trust settings,
105 This specifies the input to read a certificate from
106 or the input file for reading a certificate request if the B<-req> flag is used.
113 The key and certificate file password source.
119 Generate a certificate from scratch, not using an input certificate
120 or certificate request. So the B<-in> option must not be used in this case.
128 Output a PKCS#10 certificate request (rather than a certificate).
132 X.509 extensions included in a certificate input are not copied by default.
[all …]
H A Dopenssl-verification-options.pod5 openssl-verification-options - generic X.509 certificate verification options
25 starting from the I<target certificate> that is to be verified
26 and ending in a certificate that due to some policy is trusted.
28 is a high-level specification of the intended use of the target certificate,
57 or Apple's and Microsoft's certificate stores, ...
59 From the OpenSSL perspective, a trust anchor is a certificate
61 uses of a target certificate the certificate may serve as a trust anchor.
79 A certificate, which may be CA certificate or an end-entity certificate,
104 First, a certificate chain is built up starting from the target certificate
108 a certificate with suitable key usage that
[all …]
H A Dopenssl-verify.pod.in6 openssl-verify - certificate verification command
24 [I<certificate> ...]
28 This command verifies certificate chains. If a certificate chain has multiple
51 Display information about the certificate chain that has been built (if
96 certificate files. This is useful if the first certificate filename begins
99 =item I<certificate> ...
102 given, this command will attempt to read a single certificate from standard
113 error 24 at 1 depth lookup:invalid CA certificate
115 The first line contains the name of the certificate being verified followed by
116 the subject name of the certificate. The second line contains the error number
[all …]
H A Dopenssl-nseq.pod.in6 openssl-nseq - create or examine a Netscape certificate sequence
19 This command takes a file containing a Netscape certificate
21 file of certificates and converts it into a Netscape certificate
24 A Netscape certificate sequence is an old Netscape-specific format that
27 certificate enrollment. It was also used by Netscape certificate server.
48 Normally a Netscape certificate sequence will be input and the output
50 situation is reversed: a Netscape certificate sequence is created from
59 Output the certificates in a Netscape certificate sequence
63 Create a Netscape certificate sequence
/freebsd/crypto/openssl/doc/man7/
H A Dx509.pod5 x509 - X.509 certificate handling
13 An X.509 certificate is a structured grouping of information about
15 (certificate revocation list) is a tool to help determine if a
16 certificate is still valid. The exact definition of those can be
18 In OpenSSL, the type X509 is used to express such a certificate, and
21 A related structure is a certificate request, defined in PKCS#10 from
23 X509_REQ is used to express such a certificate request.
25 To handle some complex parts of a certificate, there are the types
26 X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express
27 a certificate attribute), X509_EXTENSION (to express a certificate
[all …]
/freebsd/crypto/heimdal/doc/
H A Dhx509.texi193 * Creating a CA certificate::
196 @c * Issuing a proxy certificate::
197 @c * Creating a user certificate::
198 @c * Validating a certificate::
199 @c * Validating a certificate path::
234 An optional system to which a CA delegates the publication of certificate revocation lists.
242 and basic certificate processing tasks, path construction, path
244 Encrypted (shared secret encrypted), CMS SignedData (certificate
245 signed), and CMS EnvelopedData (certificate encrypted).
255 the IETF's PKIX Certificate and CRL Profile of the X.509 v3 certificate
[all …]
/freebsd/crypto/openssh/
H A DPROTOCOL.certkeys1 This document describes a simple public-key certificate authentication
15 system already in SSH to allow certificate-based authentication. The
28 All certificate types include certification information along with the
58 algorithm names to add support for certificate authentication without
69 The certificate key types take a similar high-level format (note: data
76 RSA certificate
94 DSA certificate
114 ECDSA certificate
134 ED25519 certificate
164 serial is an optional certificate serial number set by the CA to
[all …]

12345678910>>...21