xref: /freebsd/crypto/openssl/doc/man5/x509v3_config.pod (revision cfd6422a5217410fbd66f7a7a8a64d9d85e61229)
1=pod
2
3=head1 NAME
4
5x509v3_config - X509 V3 certificate extension configuration format
6
7=head1 DESCRIPTION
8
9Several of the OpenSSL utilities can add extensions to a certificate or
10certificate request based on the contents of a configuration file.
11
12Typically the application will contain an option to point to an extension
13section. Each line of the extension section takes the form:
14
15 extension_name=[critical,] extension_options
16
17If B<critical> is present then the extension will be critical.
18
19The format of B<extension_options> depends on the value of B<extension_name>.
20
21There are four main types of extension: I<string> extensions, I<multi-valued>
22extensions, I<raw> and I<arbitrary> extensions.
23
24String extensions simply have a string which contains either the value itself
25or how it is obtained.
26
27For example:
28
29 nsComment="This is a Comment"
30
31Multi-valued extensions have a short form and a long form. The short form
32is a list of names and values:
33
34 basicConstraints=critical,CA:true,pathlen:1
35
36The long form allows the values to be placed in a separate section:
37
38 basicConstraints=critical,@bs_section
39
40 [bs_section]
41
42 CA=true
43 pathlen=1
44
45Both forms are equivalent.
46
47The syntax of raw extensions is governed by the extension code: it can
48for example contain data in multiple sections. The correct syntax to
49use is defined by the extension code itself: check out the certificate
50policies extension for an example.
51
52If an extension type is unsupported then the I<arbitrary> extension syntax
53must be used, see the L<ARBITRARY EXTENSIONS|/"ARBITRARY EXTENSIONS"> section for more details.
54
55=head1 STANDARD EXTENSIONS
56
57The following sections describe each supported extension in detail.
58
59=head2 Basic Constraints.
60
61This is a multi valued extension which indicates whether a certificate is
62a CA certificate. The first (mandatory) name is B<CA> followed by B<TRUE> or
63B<FALSE>. If B<CA> is B<TRUE> then an optional B<pathlen> name followed by a
64nonnegative value can be included.
65
66For example:
67
68 basicConstraints=CA:TRUE
69
70 basicConstraints=CA:FALSE
71
72 basicConstraints=critical,CA:TRUE, pathlen:0
73
74A CA certificate B<must> include the basicConstraints value with the CA field
75set to TRUE. An end user certificate must either set CA to FALSE or exclude the
76extension entirely. Some software may require the inclusion of basicConstraints
77with CA set to FALSE for end entity certificates.
78
79The pathlen parameter indicates the maximum number of CAs that can appear
80below this one in a chain. So if you have a CA with a pathlen of zero it can
81only be used to sign end user certificates and not further CAs.
82
83
84=head2 Key Usage.
85
86Key usage is a multi valued extension consisting of a list of names of the
87permitted key usages.
88
89The supported names are: digitalSignature, nonRepudiation, keyEncipherment,
90dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly
91and decipherOnly.
92
93Examples:
94
95 keyUsage=digitalSignature, nonRepudiation
96
97 keyUsage=critical, keyCertSign
98
99
100=head2 Extended Key Usage.
101
102This extensions consists of a list of usages indicating purposes for which
103the certificate public key can be used for,
104
105These can either be object short names or the dotted numerical form of OIDs.
106While any OID can be used only certain values make sense. In particular the
107following PKIX, NS and MS values are meaningful:
108
109 Value                  Meaning
110 -----                  -------
111 serverAuth             SSL/TLS Web Server Authentication.
112 clientAuth             SSL/TLS Web Client Authentication.
113 codeSigning            Code signing.
114 emailProtection        E-mail Protection (S/MIME).
115 timeStamping           Trusted Timestamping
116 OCSPSigning            OCSP Signing
117 ipsecIKE               ipsec Internet Key Exchange
118 msCodeInd              Microsoft Individual Code Signing (authenticode)
119 msCodeCom              Microsoft Commercial Code Signing (authenticode)
120 msCTLSign              Microsoft Trust List Signing
121 msEFS                  Microsoft Encrypted File System
122
123Examples:
124
125 extendedKeyUsage=critical,codeSigning,1.2.3.4
126 extendedKeyUsage=serverAuth,clientAuth
127
128
129=head2 Subject Key Identifier.
130
131This is really a string extension and can take two possible values. Either
132the word B<hash> which will automatically follow the guidelines in RFC3280
133or a hex string giving the extension value to include. The use of the hex
134string is strongly discouraged.
135
136Example:
137
138 subjectKeyIdentifier=hash
139
140
141=head2 Authority Key Identifier.
142
143The authority key identifier extension permits two options. keyid and issuer:
144both can take the optional value "always".
145
146If the keyid option is present an attempt is made to copy the subject key
147identifier from the parent certificate. If the value "always" is present
148then an error is returned if the option fails.
149
150The issuer option copies the issuer and serial number from the issuer
151certificate. This will only be done if the keyid option fails or
152is not included unless the "always" flag will always include the value.
153
154Example:
155
156 authorityKeyIdentifier=keyid,issuer
157
158
159=head2 Subject Alternative Name.
160
161The subject alternative name extension allows various literal values to be
162included in the configuration file. These include B<email> (an email address)
163B<URI> a uniform resource indicator, B<DNS> (a DNS domain name), B<RID> (a
164registered ID: OBJECT IDENTIFIER), B<IP> (an IP address), B<dirName>
165(a distinguished name) and otherName.
166
167The email option include a special 'copy' value. This will automatically
168include any email addresses contained in the certificate subject name in
169the extension.
170
171The IP address used in the B<IP> options can be in either IPv4 or IPv6 format.
172
173The value of B<dirName> should point to a section containing the distinguished
174name to use as a set of name value pairs. Multi values AVAs can be formed by
175prefacing the name with a B<+> character.
176
177otherName can include arbitrary data associated with an OID: the value
178should be the OID followed by a semicolon and the content in standard
179L<ASN1_generate_nconf(3)> format.
180
181Examples:
182
183 subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
184 subjectAltName=IP:192.168.7.1
185 subjectAltName=IP:13::17
186 subjectAltName=email:my@other.address,RID:1.2.3.4
187 subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
188
189 subjectAltName=dirName:dir_sect
190
191 [dir_sect]
192 C=UK
193 O=My Organization
194 OU=My Unit
195 CN=My Name
196
197
198=head2 Issuer Alternative Name.
199
200The issuer alternative name option supports all the literal options of
201subject alternative name. It does B<not> support the email:copy option because
202that would not make sense. It does support an additional issuer:copy option
203that will copy all the subject alternative name values from the issuer
204certificate (if possible).
205
206Example:
207
208 issuerAltName = issuer:copy
209
210
211=head2 Authority Info Access.
212
213The authority information access extension gives details about how to access
214certain information relating to the CA. Its syntax is accessOID;location
215where I<location> has the same syntax as subject alternative name (except
216that email:copy is not supported). accessOID can be any valid OID but only
217certain values are meaningful, for example OCSP and caIssuers.
218
219Example:
220
221 authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
222 authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
223
224
225=head2 CRL distribution points
226
227This is a multi-valued extension whose options can be either in name:value pair
228using the same form as subject alternative name or a single value representing
229a section name containing all the distribution point fields.
230
231For a name:value pair a new DistributionPoint with the fullName field set to
232the given value both the cRLissuer and reasons fields are omitted in this case.
233
234In the single option case the section indicated contains values for each
235field. In this section:
236
237If the name is "fullname" the value field should contain the full name
238of the distribution point in the same format as subject alternative name.
239
240If the name is "relativename" then the value field should contain a section
241name whose contents represent a DN fragment to be placed in this field.
242
243The name "CRLIssuer" if present should contain a value for this field in
244subject alternative name format.
245
246If the name is "reasons" the value field should consist of a comma
247separated field containing the reasons. Valid reasons are: "keyCompromise",
248"CACompromise", "affiliationChanged", "superseded", "cessationOfOperation",
249"certificateHold", "privilegeWithdrawn" and "AACompromise".
250
251
252Simple examples:
253
254 crlDistributionPoints=URI:http://myhost.com/myca.crl
255 crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl
256
257Full distribution point example:
258
259 crlDistributionPoints=crldp1_section
260
261 [crldp1_section]
262
263 fullname=URI:http://myhost.com/myca.crl
264 CRLissuer=dirName:issuer_sect
265 reasons=keyCompromise, CACompromise
266
267 [issuer_sect]
268 C=UK
269 O=Organisation
270 CN=Some Name
271
272=head2 Issuing Distribution Point
273
274This extension should only appear in CRLs. It is a multi valued extension
275whose syntax is similar to the "section" pointed to by the CRL distribution
276points extension with a few differences.
277
278The names "reasons" and "CRLissuer" are not recognized.
279
280The name "onlysomereasons" is accepted which sets this field. The value is
281in the same format as the CRL distribution point "reasons" field.
282
283The names "onlyuser", "onlyCA", "onlyAA" and "indirectCRL" are also accepted
284the values should be a boolean value (TRUE or FALSE) to indicate the value of
285the corresponding field.
286
287Example:
288
289 issuingDistributionPoint=critical, @idp_section
290
291 [idp_section]
292
293 fullname=URI:http://myhost.com/myca.crl
294 indirectCRL=TRUE
295 onlysomereasons=keyCompromise, CACompromise
296
297 [issuer_sect]
298 C=UK
299 O=Organisation
300 CN=Some Name
301
302
303=head2 Certificate Policies.
304
305This is a I<raw> extension. All the fields of this extension can be set by
306using the appropriate syntax.
307
308If you follow the PKIX recommendations and just using one OID then you just
309include the value of that OID. Multiple OIDs can be set separated by commas,
310for example:
311
312 certificatePolicies= 1.2.4.5, 1.1.3.4
313
314If you wish to include qualifiers then the policy OID and qualifiers need to
315be specified in a separate section: this is done by using the @section syntax
316instead of a literal OID value.
317
318The section referred to must include the policy OID using the name
319policyIdentifier, cPSuri qualifiers can be included using the syntax:
320
321 CPS.nnn=value
322
323userNotice qualifiers can be set using the syntax:
324
325 userNotice.nnn=@notice
326
327The value of the userNotice qualifier is specified in the relevant section.
328This section can include explicitText, organization and noticeNumbers
329options. explicitText and organization are text strings, noticeNumbers is a
330comma separated list of numbers. The organization and noticeNumbers options
331(if included) must BOTH be present. If you use the userNotice option with IE5
332then you need the 'ia5org' option at the top level to modify the encoding:
333otherwise it will not be interpreted properly.
334
335Example:
336
337 certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
338
339 [polsect]
340
341 policyIdentifier = 1.3.5.8
342 CPS.1="http://my.host.name/"
343 CPS.2="http://my.your.name/"
344 userNotice.1=@notice
345
346 [notice]
347
348 explicitText="Explicit Text Here"
349 organization="Organisation Name"
350 noticeNumbers=1,2,3,4
351
352The B<ia5org> option changes the type of the I<organization> field. In RFC2459
353it can only be of type DisplayText. In RFC3280 IA5String is also permissible.
354Some software (for example some versions of MSIE) may require ia5org.
355
356ASN1 type of explicitText can be specified by prepending B<UTF8>,
357B<BMP> or B<VISIBLE> prefix followed by colon. For example:
358
359 [notice]
360 explicitText="UTF8:Explicit Text Here"
361
362=head2 Policy Constraints
363
364This is a multi-valued extension which consisting of the names
365B<requireExplicitPolicy> or B<inhibitPolicyMapping> and a non negative integer
366value. At least one component must be present.
367
368Example:
369
370 policyConstraints = requireExplicitPolicy:3
371
372
373=head2 Inhibit Any Policy
374
375This is a string extension whose value must be a non negative integer.
376
377Example:
378
379 inhibitAnyPolicy = 2
380
381
382=head2 Name Constraints
383
384The name constraints extension is a multi-valued extension. The name should
385begin with the word B<permitted> or B<excluded> followed by a B<;>. The rest of
386the name and the value follows the syntax of subjectAltName except email:copy
387is not supported and the B<IP> form should consist of an IP addresses and
388subnet mask separated by a B</>.
389
390Examples:
391
392 nameConstraints=permitted;IP:192.168.0.0/255.255.0.0
393
394 nameConstraints=permitted;email:.somedomain.com
395
396 nameConstraints=excluded;email:.com
397
398
399=head2 OCSP No Check
400
401The OCSP No Check extension is a string extension but its value is ignored.
402
403Example:
404
405 noCheck = ignored
406
407
408=head2 TLS Feature (aka Must Staple)
409
410This is a multi-valued extension consisting of a list of TLS extension
411identifiers. Each identifier may be a number (0..65535) or a supported name.
412When a TLS client sends a listed extension, the TLS server is expected to
413include that extension in its reply.
414
415The supported names are: B<status_request> and B<status_request_v2>.
416
417Example:
418
419 tlsfeature = status_request
420
421
422=head1 DEPRECATED EXTENSIONS
423
424The following extensions are non standard, Netscape specific and largely
425obsolete. Their use in new applications is discouraged.
426
427=head2 Netscape String extensions.
428
429Netscape Comment (B<nsComment>) is a string extension containing a comment
430which will be displayed when the certificate is viewed in some browsers.
431
432Example:
433
434 nsComment = "Some Random Comment"
435
436Other supported extensions in this category are: B<nsBaseUrl>,
437B<nsRevocationUrl>, B<nsCaRevocationUrl>, B<nsRenewalUrl>, B<nsCaPolicyUrl>
438and B<nsSslServerName>.
439
440
441=head2 Netscape Certificate Type
442
443This is a multi-valued extensions which consists of a list of flags to be
444included. It was used to indicate the purposes for which a certificate could
445be used. The basicConstraints, keyUsage and extended key usage extensions are
446now used instead.
447
448Acceptable values for nsCertType are: B<client>, B<server>, B<email>,
449B<objsign>, B<reserved>, B<sslCA>, B<emailCA>, B<objCA>.
450
451
452=head1 ARBITRARY EXTENSIONS
453
454If an extension is not supported by the OpenSSL code then it must be encoded
455using the arbitrary extension format. It is also possible to use the arbitrary
456format for supported extensions. Extreme care should be taken to ensure that
457the data is formatted correctly for the given extension type.
458
459There are two ways to encode arbitrary extensions.
460
461The first way is to use the word ASN1 followed by the extension content
462using the same syntax as L<ASN1_generate_nconf(3)>.
463For example:
464
465 1.2.3.4=critical,ASN1:UTF8String:Some random data
466
467 1.2.3.4=ASN1:SEQUENCE:seq_sect
468
469 [seq_sect]
470
471 field1 = UTF8:field1
472 field2 = UTF8:field2
473
474It is also possible to use the word DER to include the raw encoded data in any
475extension.
476
477 1.2.3.4=critical,DER:01:02:03:04
478 1.2.3.4=DER:01020304
479
480The value following DER is a hex dump of the DER encoding of the extension
481Any extension can be placed in this form to override the default behaviour.
482For example:
483
484 basicConstraints=critical,DER:00:01:02:03
485
486=head1 WARNINGS
487
488There is no guarantee that a specific implementation will process a given
489extension. It may therefore be sometimes possible to use certificates for
490purposes prohibited by their extensions because a specific application does
491not recognize or honour the values of the relevant extensions.
492
493The DER and ASN1 options should be used with caution. It is possible to create
494totally invalid extensions if they are not used carefully.
495
496=head1 NOTES
497
498If an extension is multi-value and a field value must contain a comma the long
499form must be used otherwise the comma would be misinterpreted as a field
500separator. For example:
501
502 subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
503
504will produce an error but the equivalent form:
505
506 subjectAltName=@subject_alt_section
507
508 [subject_alt_section]
509 subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
510
511is valid.
512
513Due to the behaviour of the OpenSSL B<conf> library the same field name
514can only occur once in a section. This means that:
515
516 subjectAltName=@alt_section
517
518 [alt_section]
519
520 email=steve@here
521 email=steve@there
522
523will only recognize the last value. This can be worked around by using the form:
524
525 [alt_section]
526
527 email.1=steve@here
528 email.2=steve@there
529
530=head1 SEE ALSO
531
532L<req(1)>, L<ca(1)>, L<x509(1)>,
533L<ASN1_generate_nconf(3)>
534
535=head1 COPYRIGHT
536
537Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
538
539Licensed under the OpenSSL license (the "License").  You may not use
540this file except in compliance with the License.  You can obtain a copy
541in the file LICENSE in the source distribution or at
542L<https://www.openssl.org/source/license.html>.
543
544=cut
545