xref: /freebsd/crypto/openssl/doc/man1/openssl-x509.pod.in (revision 7fdf597e96a02165cfe22ff357b857d5fa15ed8a)
1=pod
2{- OpenSSL::safe::output_do_not_edit_headers(); -}
3
4=head1 NAME
5
6openssl-x509 - Certificate display and signing command
7
8=head1 SYNOPSIS
9
10B<openssl> B<x509>
11[B<-help>]
12[B<-in> I<filename>|I<uri>]
13[B<-passin> I<arg>]
14[B<-new>]
15[B<-x509toreq>]
16[B<-req>]
17[B<-copy_extensions> I<arg>]
18[B<-inform> B<DER>|B<PEM>]
19[B<-vfyopt> I<nm>:I<v>]
20[B<-key> I<filename>|I<uri>]
21[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
22[B<-signkey> I<filename>|I<uri>]
23[B<-out> I<filename>]
24[B<-outform> B<DER>|B<PEM>]
25[B<-nocert>]
26[B<-noout>]
27[B<-dateopt>]
28[B<-text>]
29[B<-certopt> I<option>]
30[B<-fingerprint>]
31[B<-alias>]
32[B<-serial>]
33[B<-startdate>]
34[B<-enddate>]
35[B<-dates>]
36[B<-subject>]
37[B<-issuer>]
38{- $OpenSSL::safe::opt_name_synopsis -}
39[B<-email>]
40[B<-hash>]
41[B<-subject_hash>]
42[B<-subject_hash_old>]
43[B<-issuer_hash>]
44[B<-issuer_hash_old>]
45[B<-ext> I<extensions>]
46[B<-ocspid>]
47[B<-ocsp_uri>]
48[B<-purpose>]
49[B<-pubkey>]
50[B<-modulus>]
51[B<-checkend> I<num>]
52[B<-checkhost> I<host>]
53[B<-checkemail> I<host>]
54[B<-checkip> I<ipaddr>]
55[B<-set_serial> I<n>]
56[B<-next_serial>]
57[B<-days> I<arg>]
58[B<-preserve_dates>]
59[B<-subj> I<arg>]
60[B<-force_pubkey> I<filename>]
61[B<-clrext>]
62[B<-extfile> I<filename>]
63[B<-extensions> I<section>]
64[B<-sigopt> I<nm>:I<v>]
65[B<-badsig>]
66[B<-I<digest>>]
67[B<-CA> I<filename>|I<uri>]
68[B<-CAform> B<DER>|B<PEM>|B<P12>]
69[B<-CAkey> I<filename>|I<uri>]
70[B<-CAkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
71[B<-CAserial> I<filename>]
72[B<-CAcreateserial>]
73[B<-trustout>]
74[B<-setalias> I<arg>]
75[B<-clrtrust>]
76[B<-addtrust> I<arg>]
77[B<-clrreject>]
78[B<-addreject> I<arg>]
79{- $OpenSSL::safe::opt_r_synopsis -}
80{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
81
82=head1 DESCRIPTION
83
84This command is a multi-purposes certificate handling command.
85It can be used to print certificate information,
86convert certificates to various forms, edit certificate trust settings,
87generate certificates from scratch or from certificating requests
88and then self-signing them or signing them like a "micro CA".
89
90Since there are a large number of options they will split up into
91various sections.
92
93=head1 OPTIONS
94
95=head2 Input, Output, and General Purpose Options
96
97=over 4
98
99=item B<-help>
100
101Print out a usage message.
102
103=item B<-in> I<filename>|I<uri>
104
105This specifies the input to read a certificate from
106or the input file for reading a certificate request if the B<-req> flag is used.
107In both cases this defaults to standard input.
108
109This option cannot be combined with the B<-new> flag.
110
111=item B<-passin> I<arg>
112
113The key and certificate file password source.
114For more information about the format of I<arg>
115see L<openssl-passphrase-options(1)>.
116
117=item B<-new>
118
119Generate a certificate from scratch, not using an input certificate
120or certificate request. So the B<-in> option must not be used in this case.
121Instead, the B<-subj> option needs to be given.
122The public key to include can be given with the B<-force_pubkey> option
123and defaults to the key given with the B<-key> (or B<-signkey>) option,
124which implies self-signature.
125
126=item B<-x509toreq>
127
128Output a PKCS#10 certificate request (rather than a certificate).
129The B<-key> (or B<-signkey>) option must be used to provide the private key for
130self-signing; the corresponding public key is placed in the subjectPKInfo field.
131
132X.509 extensions included in a certificate input are not copied by default.
133X.509 extensions to be added can be specified using the B<-extfile> option.
134
135=item B<-req>
136
137By default a certificate is expected on input.
138With this option a PKCS#10 certificate request is expected instead,
139which must be correctly self-signed.
140
141X.509 extensions included in the request are not copied by default.
142X.509 extensions to be added can be specified using the B<-extfile> option.
143
144=item B<-copy_extensions> I<arg>
145
146Determines how to handle X.509 extensions
147when converting from a certificate to a request using the B<-x509toreq> option
148or converting from a request to a certificate using the B<-req> option.
149If I<arg> is B<none> or this option is not present then extensions are ignored.
150If I<arg> is B<copy> or B<copyall> then all extensions are copied,
151except that subject identifier and authority key identifier extensions
152are not taken over when producing a certificate request.
153
154The B<-ext> option can be used to further restrict which extensions to copy.
155
156=item B<-inform> B<DER>|B<PEM>
157
158The input file format; unspecified by default.
159See L<openssl-format-options(1)> for details.
160
161=item B<-vfyopt> I<nm>:I<v>
162
163Pass options to the signature algorithm during verify operations.
164Names and values of these options are algorithm-specific.
165
166=item B<-key> I<filename>|I<uri>
167
168This option provides the private key for signing a new certificate or
169certificate request.
170Unless B<-force_pubkey> is given, the corresponding public key is placed in
171the new certificate or certificate request, resulting in a self-signature.
172
173This option cannot be used in conjunction with the B<-CA> option.
174
175It sets the issuer name to the subject name (i.e., makes it self-issued)
176and changes the public key to the supplied value (unless overridden
177by B<-force_pubkey>).
178Unless the B<-preserve_dates> option is supplied,
179it sets the validity start date to the current time
180and the end date to a value determined by the B<-days> option.
181
182=item B<-signkey> I<filename>|I<uri>
183
184This option is an alias of B<-key>.
185
186=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
187
188The key input format; unspecified by default.
189See L<openssl-format-options(1)> for details.
190
191=item B<-out> I<filename>
192
193This specifies the output filename to write to or standard output by default.
194
195=item B<-outform> B<DER>|B<PEM>
196
197The output format; the default is B<PEM>.
198See L<openssl-format-options(1)> for details.
199
200=item B<-nocert>
201
202Do not output a certificate (except for printing as requested by below options).
203
204=item B<-noout>
205
206This option prevents output except for printing as requested by below options.
207
208=back
209
210=head2 Certificate Printing Options
211
212Note: the B<-alias> and B<-purpose> options are also printing options
213but are described in the L</Trust Settings> section.
214
215=over 4
216
217=item B<-dateopt>
218
219Specify the date output format. Values are: rfc_822 and iso_8601.
220Defaults to rfc_822.
221
222=item B<-text>
223
224Prints out the certificate in text form. Full details are printed including the
225public key, signature algorithms, issuer and subject names, serial number
226any extensions present and any trust settings.
227
228=item B<-certopt> I<option>
229
230Customise the print format used with B<-text>. The I<option> argument
231can be a single option or multiple options separated by commas.
232The B<-certopt> switch may be also be used more than once to set multiple
233options. See the L</Text Printing Flags> section for more information.
234
235=item B<-fingerprint>
236
237Calculates and prints the digest of the DER encoded version of the entire
238certificate (see digest options).
239This is commonly called a "fingerprint". Because of the nature of message
240digests, the fingerprint of a certificate is unique to that certificate and
241two certificates with the same fingerprint can be considered to be the same.
242
243=item B<-alias>
244
245Prints the certificate "alias" (nickname), if any.
246
247=item B<-serial>
248
249Prints the certificate serial number.
250
251=item B<-startdate>
252
253Prints out the start date of the certificate, that is the notBefore date.
254
255=item B<-enddate>
256
257Prints out the expiry date of the certificate, that is the notAfter date.
258
259=item B<-dates>
260
261Prints out the start and expiry dates of a certificate.
262
263=item B<-subject>
264
265Prints the subject name.
266
267=item B<-issuer>
268
269Prints the issuer name.
270
271{- $OpenSSL::safe::opt_name_item -}
272
273=item B<-email>
274
275Prints the email address(es) if any.
276
277=item B<-hash>
278
279Synonym for "-subject_hash" for backward compatibility reasons.
280
281=item B<-subject_hash>
282
283Prints the "hash" of the certificate subject name. This is used in OpenSSL to
284form an index to allow certificates in a directory to be looked up by subject
285name.
286
287=item B<-subject_hash_old>
288
289Prints the "hash" of the certificate subject name using the older algorithm
290as used by OpenSSL before version 1.0.0.
291
292=item B<-issuer_hash>
293
294Prints the "hash" of the certificate issuer name.
295
296=item B<-issuer_hash_old>
297
298Prints the "hash" of the certificate issuer name using the older algorithm
299as used by OpenSSL before version 1.0.0.
300
301=item B<-ext> I<extensions>
302
303Prints out the certificate extensions in text form.
304Can also be used to restrict which extensions to copy.
305Extensions are specified
306with a comma separated string, e.g., "subjectAltName,subjectKeyIdentifier".
307See the L<x509v3_config(5)> manual page for the extension names.
308
309=item B<-ocspid>
310
311Prints the OCSP hash values for the subject name and public key.
312
313=item B<-ocsp_uri>
314
315Prints the OCSP responder address(es) if any.
316
317=item B<-purpose>
318
319This option performs tests on the certificate extensions and outputs
320the results. For a more complete description see
321L<openssl-verification-options(1)/Certificate Extensions>.
322
323=item B<-pubkey>
324
325Prints the certificate's SubjectPublicKeyInfo block in PEM format.
326
327=item B<-modulus>
328
329This option prints out the value of the modulus of the public key
330contained in the certificate.
331
332=back
333
334=head2 Certificate Checking Options
335
336=over 4
337
338=item B<-checkend> I<arg>
339
340Checks if the certificate expires within the next I<arg> seconds and exits
341nonzero if yes it will expire or zero if not.
342
343=item B<-checkhost> I<host>
344
345Check that the certificate matches the specified host.
346
347=item B<-checkemail> I<email>
348
349Check that the certificate matches the specified email address.
350
351=item B<-checkip> I<ipaddr>
352
353Check that the certificate matches the specified IP address.
354
355=back
356
357=head2 Certificate Output Options
358
359=over 4
360
361=item B<-set_serial> I<n>
362
363Specifies the serial number to use.
364This option can be used with the B<-key>, B<-signkey>, or B<-CA> options.
365If used in conjunction with the B<-CA> option
366the serial number file (as specified by the B<-CAserial> option) is not used.
367
368The serial number can be decimal or hex (if preceded by C<0x>).
369
370=item B<-next_serial>
371
372Set the serial to be one more than the number in the certificate.
373
374=item B<-days> I<arg>
375
376Specifies the number of days until a newly generated certificate expires.
377The default is 30.
378Cannot be used together with the B<-preserve_dates> option.
379
380=item B<-preserve_dates>
381
382When signing a certificate, preserve "notBefore" and "notAfter" dates of any
383input certificate instead of adjusting them to current time and duration.
384Cannot be used together with the B<-days> option.
385
386=item B<-subj> I<arg>
387
388When a certificate is created set its subject name to the given value.
389When the certificate is self-signed the issuer name is set to the same value.
390
391The arg must be formatted as C</type0=value0/type1=value1/type2=...>.
392Special characters may be escaped by C<\> (backslash), whitespace is retained.
393Empty values are permitted, but the corresponding type will not be included
394in the certificate.
395Giving a single C</> will lead to an empty sequence of RDNs (a NULL-DN).
396Multi-valued RDNs can be formed by placing a C<+> character instead of a C</>
397between the AttributeValueAssertions (AVAs) that specify the members of the set.
398Example:
399
400C</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
401
402This option can be used in conjunction with the B<-force_pubkey> option
403to create a certificate even without providing an input certificate
404or certificate request.
405
406=item B<-force_pubkey> I<filename>
407
408When a certificate is created set its public key to the key in I<filename>
409instead of the key contained in the input
410or given with the B<-key> (or B<-signkey>) option.
411
412This option is useful for creating self-issued certificates that are not
413self-signed, for instance when the key cannot be used for signing, such as DH.
414It can also be used in conjunction with B<-new> and B<-subj> to directly
415generate a certificate containing any desired public key.
416
417=item B<-clrext>
418
419When transforming a certificate to a new certificate
420by default all certificate extensions are retained.
421
422When transforming a certificate or certificate request,
423the B<-clrext> option prevents taking over any extensions from the source.
424In any case, when producing a certificate request,
425neither subject identifier nor authority key identifier extensions are included.
426
427=item B<-extfile> I<filename>
428
429Configuration file containing certificate and request X.509 extensions to add.
430
431=item B<-extensions> I<section>
432
433The section in the extfile to add X.509 extensions from.
434If this option is not
435specified then the extensions should either be contained in the unnamed
436(default) section or the default section should contain a variable called
437"extensions" which contains the section to use.
438See the L<x509v3_config(5)> manual page for details of the
439extension section format.
440
441=item B<-sigopt> I<nm>:I<v>
442
443Pass options to the signature algorithm during sign operations.
444This option may be given multiple times.
445Names and values provided using this option are algorithm-specific.
446
447=item B<-badsig>
448
449Corrupt the signature before writing it; this can be useful
450for testing.
451
452=item B<-I<digest>>
453
454The digest to use.
455This affects any signing or printing option that uses a message
456digest, such as the B<-fingerprint>, B<-key>, and B<-CA> options.
457Any digest supported by the L<openssl-dgst(1)> command can be used.
458If not specified then SHA1 is used with B<-fingerprint> or
459the default digest for the signing algorithm is used, typically SHA256.
460
461=back
462
463=head2 Micro-CA Options
464
465=over 4
466
467=item B<-CA> I<filename>|I<uri>
468
469Specifies the "CA" certificate to be used for signing.
470When present, this behaves like a "micro CA" as follows:
471The subject name of the "CA" certificate is placed as issuer name in the new
472certificate, which is then signed using the "CA" key given as detailed below.
473
474This option cannot be used in conjunction with B<-key> (or B<-signkey>).
475This option is normally combined with the B<-req> option referencing a CSR.
476Without the B<-req> option the input must be an existing certificate
477unless the B<-new> option is given, which generates a certificate from scratch.
478
479=item B<-CAform> B<DER>|B<PEM>|B<P12>,
480
481The format for the CA certificate; unspecified by default.
482See L<openssl-format-options(1)> for details.
483
484=item B<-CAkey> I<filename>|I<uri>
485
486Sets the CA private key to sign a certificate with.
487The private key must match the public key of the certificate given with B<-CA>.
488If this option is not provided then the key must be present in the B<-CA> input.
489
490=item B<-CAkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
491
492The format for the CA key; unspecified by default.
493See L<openssl-format-options(1)> for details.
494
495=item B<-CAserial> I<filename>
496
497Sets the CA serial number file to use.
498
499When creating a certificate with this option and with the B<-CA> option,
500the certificate serial number is stored in the given file.
501This file consists of one line containing
502an even number of hex digits with the serial number used last time.
503After reading this number, it is incremented and used, and the file is updated.
504
505The default filename consists of the CA certificate file base name with
506F<.srl> appended. For example if the CA certificate file is called
507F<mycacert.pem> it expects to find a serial number file called
508F<mycacert.srl>.
509
510If the B<-CA> option is specified and neither <-CAserial> or <-CAcreateserial>
511is given and the default serial number file does not exist,
512a random number is generated; this is the recommended practice.
513
514=item B<-CAcreateserial>
515
516With this option and the B<-CA> option
517the CA serial number file is created if it does not exist.
518A random number is generated, used for the certificate,
519and saved into the serial number file determined as described above.
520
521=back
522
523=head2 Trust Settings
524
525A B<trusted certificate> is an ordinary certificate which has several
526additional pieces of information attached to it such as the permitted
527and prohibited uses of the certificate and possibly an "alias" (nickname).
528
529Normally when a certificate is being verified at least one certificate
530must be "trusted". By default a trusted certificate must be stored
531locally and must be a root CA: any certificate chain ending in this CA
532is then usable for any purpose.
533
534Trust settings currently are only used with a root CA.
535They allow a finer control over the purposes the root CA can be used for.
536For example, a CA may be trusted for SSL client but not SSL server use.
537
538See L<openssl-verification-options(1)> for more information
539on the meaning of trust settings.
540
541Future versions of OpenSSL will recognize trust settings on any
542certificate: not just root CAs.
543
544=over 4
545
546=item B<-trustout>
547
548Mark any certificate PEM output as <trusted> certificate rather than ordinary.
549An ordinary or trusted certificate can be input but by default an ordinary
550certificate is output and any trust settings are discarded.
551With the B<-trustout> option a trusted certificate is output. A trusted
552certificate is automatically output if any trust settings are modified.
553
554=item B<-setalias> I<arg>
555
556Sets the "alias" of the certificate. This will allow the certificate
557to be referred to using a nickname for example "Steve's Certificate".
558
559=item B<-clrtrust>
560
561Clears all the permitted or trusted uses of the certificate.
562
563=item B<-addtrust> I<arg>
564
565Adds a trusted certificate use.
566Any object name can be used here but currently only B<clientAuth>,
567B<serverAuth>, B<emailProtection>, and B<anyExtendedKeyUsage> are defined.
568As of OpenSSL 1.1.0, the last of these blocks all purposes when rejected or
569enables all purposes when trusted.
570Other OpenSSL applications may define additional uses.
571
572=item B<-clrreject>
573
574Clears all the prohibited or rejected uses of the certificate.
575
576=item B<-addreject> I<arg>
577
578Adds a prohibited trust anchor purpose.
579It accepts the same values as the B<-addtrust> option.
580
581=back
582
583=head2 Generic options
584
585=over 4
586
587{- $OpenSSL::safe::opt_r_item -}
588
589{- $OpenSSL::safe::opt_engine_item -}
590
591{- $OpenSSL::safe::opt_provider_item -}
592
593=back
594
595=head2 Text Printing Flags
596
597As well as customising the name printing format, it is also possible to
598customise the actual fields printed using the B<certopt> option when
599the B<text> option is present. The default behaviour is to print all fields.
600
601=over 4
602
603=item B<compatible>
604
605Use the old format. This is equivalent to specifying no printing options at all.
606
607=item B<no_header>
608
609Don't print header information: that is the lines saying "Certificate"
610and "Data".
611
612=item B<no_version>
613
614Don't print out the version number.
615
616=item B<no_serial>
617
618Don't print out the serial number.
619
620=item B<no_signame>
621
622Don't print out the signature algorithm used.
623
624=item B<no_validity>
625
626Don't print the validity, that is the B<notBefore> and B<notAfter> fields.
627
628=item B<no_subject>
629
630Don't print out the subject name.
631
632=item B<no_issuer>
633
634Don't print out the issuer name.
635
636=item B<no_pubkey>
637
638Don't print out the public key.
639
640=item B<no_sigdump>
641
642Don't give a hexadecimal dump of the certificate signature.
643
644=item B<no_aux>
645
646Don't print out certificate trust information.
647
648=item B<no_extensions>
649
650Don't print out any X509V3 extensions.
651
652=item B<ext_default>
653
654Retain default extension behaviour: attempt to print out unsupported
655certificate extensions.
656
657=item B<ext_error>
658
659Print an error message for unsupported certificate extensions.
660
661=item B<ext_parse>
662
663ASN1 parse unsupported extensions.
664
665=item B<ext_dump>
666
667Hex dump unsupported extensions.
668
669=item B<ca_default>
670
671The value used by L<openssl-ca(1)>, equivalent to B<no_issuer>, B<no_pubkey>,
672B<no_header>, and B<no_version>.
673
674=back
675
676=head1 EXAMPLES
677
678Note: in these examples the '\' means the example should be all on one
679line.
680
681Print the contents of a certificate:
682
683 openssl x509 -in cert.pem -noout -text
684
685Print the "Subject Alternative Name" extension of a certificate:
686
687 openssl x509 -in cert.pem -noout -ext subjectAltName
688
689Print more extensions of a certificate:
690
691 openssl x509 -in cert.pem -noout -ext subjectAltName,nsCertType
692
693Print the certificate serial number:
694
695 openssl x509 -in cert.pem -noout -serial
696
697Print the certificate subject name:
698
699 openssl x509 -in cert.pem -noout -subject
700
701Print the certificate subject name in RFC2253 form:
702
703 openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
704
705Print the certificate subject name in oneline form on a terminal
706supporting UTF8:
707
708 openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb
709
710Print the certificate SHA1 fingerprint:
711
712 openssl x509 -sha1 -in cert.pem -noout -fingerprint
713
714Convert a certificate from PEM to DER format:
715
716 openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
717
718Convert a certificate to a certificate request:
719
720 openssl x509 -x509toreq -in cert.pem -out req.pem -key key.pem
721
722Convert a certificate request into a self-signed certificate using
723extensions for a CA:
724
725 openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \
726        -key key.pem -out cacert.pem
727
728Sign a certificate request using the CA certificate above and add user
729certificate extensions:
730
731 openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \
732        -CA cacert.pem -CAkey key.pem -CAcreateserial
733
734Set a certificate to be trusted for SSL client use and change set its alias to
735"Steve's Class 1 CA"
736
737 openssl x509 -in cert.pem -addtrust clientAuth \
738        -setalias "Steve's Class 1 CA" -out trust.pem
739
740=head1 NOTES
741
742The conversion to UTF8 format used with the name options assumes that
743T61Strings use the ISO8859-1 character set. This is wrong but Netscape
744and MSIE do this as do many certificates. So although this is incorrect
745it is more likely to print the majority of certificates correctly.
746
747The B<-email> option searches the subject name and the subject alternative
748name extension. Only unique email addresses will be printed out: it will
749not print the same address more than once.
750
751=head1 BUGS
752
753It is possible to produce invalid certificates or requests by specifying the
754wrong private key, using unsuitable X.509 extensions,
755or using inconsistent options in some cases: these should be checked.
756
757There should be options to explicitly set such things as start and end
758dates rather than an offset from the current time.
759
760=head1 SEE ALSO
761
762L<openssl(1)>,
763L<openssl-req(1)>,
764L<openssl-ca(1)>,
765L<openssl-genrsa(1)>,
766L<openssl-gendsa(1)>,
767L<openssl-verify(1)>,
768L<x509v3_config(5)>
769
770=head1 HISTORY
771
772The hash algorithm used in the B<-subject_hash> and B<-issuer_hash> options
773before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding
774of the distinguished name. In OpenSSL 1.0.0 and later it is based on a canonical
775version of the DN using SHA1. This means that any directories using the old
776form must have their links rebuilt using L<openssl-rehash(1)> or similar.
777
778The B<-signkey> option has been renamed to B<-key> in OpenSSL 3.0,
779keeping the old name as an alias.
780
781The B<-engine> option was deprecated in OpenSSL 3.0.
782
783The B<-C> option was removed in OpenSSL 3.0.
784
785=head1 COPYRIGHT
786
787Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
788
789Licensed under the Apache License 2.0 (the "License").  You may not use
790this file except in compliance with the License.  You can obtain a copy
791in the file LICENSE in the source distribution or at
792L<https://www.openssl.org/source/license.html>.
793
794=cut
795