Commit 0286d944 authored by Dr. Stephen Henson

Add info about the header and footer lines used in PEM formats

and add an nseq manpage.
parent 938ead8f
+7 −0
@@ -117,6 +117,13 @@ a public key.

=back

=head1 NOTES

The PEM private key format uses the header and footer lines:

 -----BEGIN DSA PRIVATE KEY-----
 -----END DSA PRIVATE KEY-----

=head1 EXAMPLES

To remove the pass phrase on a DSA private key:
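
Review bot: The new NOTES paragraph names only the DSA PRIVATE KEY lines, while the option text just above the hunk ends with "a public key." and the EXAMPLES that follow deal with pass phrases. Say in the note which header and footer lines the public key output uses, and whether a pass phrase protected private key carries the same BEGIN/END lines, so a reader can identify each file type from its first line.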
+5 −0
@@ -82,6 +82,11 @@ the input file (if any) is ignored.

=head1 NOTES

PEM format DSA parameters use the header and footer lines:

 -----BEGIN DSA PARAMETERS-----
 -----END DSA PARAMETERS-----

DSA parameter generation is a slow process and as a result the same set of
DSA parameters is often used to generate several distinct keys.

doc/man/nseq.pod

0 → 100644
+70 −0
=pod

=head1 NAME

nseq - create or examine a netscape certificate sequence

=head1 SYNOPSIS

B<openssl> B<nseq>
[B<-in filename>]
[B<-out filename>]
[B<-toseq>]

=head1 DESCRIPTION

The B<nseq> command takes a file containing a Netscape certificate
sequence and prints out the certificates contained in it or takes a
file of certificates and converts it into a Netscape certificate
sequence.

=head1 COMMAND OPTIONS

=over 4

=item B<-in filename>

This specifies the input filename to read or standard input if this
option is not specified.

=item B<-out filename>

specifies the output filename or standard output by default.

=item B<-toseq>

normally a Netscape certificate sequence will be input and the output
is the certificates contained in it. With the B<-toseq> option the
situation is reversed: a Netscape certificate sequence is created from
a file of certificates.

=back

=head1 EXAMPLES

Output the certificates in a Netscape certificate sequence

 openssl nseq -in nseq.pem -out certs.pem

Create a Netscape certificate sequence

 openssl nseq -in certs.pem -toseq -out nseq.pem

=head1 NOTES

The B<PEM> encoded form uses the same headers and footers as a certificate:

 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----

A Netscape certificate sequence is a Netscape specific form that can be sent
to browsers as an alternative to the standard PKCS#7 format when several
certificates are sent to the browser: for example during certificate erollment.
It is used by Netscape certificate server for example.

=head1 BUGS

This program needs a few more options: like allowing DER or PEM input and
output files and allowing multiple certificate files to be used.

=cut
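
Review bot: In NOTES, "certificate erollment" should read "certificate enrollment". The same section says the PEM form uses the same BEGIN CERTIFICATE and END CERTIFICATE lines as a certificate, so the header alone cannot tell a reader or a tool which of the two a file holds; add a sentence on what nseq does when it is given a plain certificate file without -toseq. The -out and -toseq descriptions also start in lower case while the -in description starts with a capital.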
+11 −0
@@ -93,6 +93,17 @@ B<des>, B<des3> and B<rc2>. It is recommended that B<des3> is used.

=head1 NOTES

The encrypted form of a PEM encode PKCS#8 files uses the following
headers and footers:

 -----BEGIN ENCRYPTED PRIVATE KEY-----
 -----END ENCRYPTED PRIVATE KEY-----

The unencrypted form uses:

 -----BEGIN PRIVATE KEY-----
 -----END PRIVATE KEY-----

Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration
counts are more secure that those encrypted using the traditional
SSLeay compatible formats. So if additional security is considered
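
Review bot: The first added sentence, "The encrypted form of a PEM encode PKCS#8 files uses", mixes tense and number; suggest "The encrypted form of a PEM encoded PKCS#8 file uses the following headers and footers:".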
+11 −5
@@ -371,11 +371,17 @@ Sample configuration file:

=head1 NOTES

The header and footer lines in the B<PEM> format contain the words
B<BEGIN CERTIFICATE REQUEST> and B<END CERTIFICATE REQUEST> some software
(for example some versions of Netscape certificate server) requires the
words B<BEGIN NEW CERTIFICATE REQUEST> and B<END NEW CERTIFICATE REQUEST>
instead.
The header and footer lines in the B<PEM> format are respectively:

 -----BEGIN CERTIFICATE REQUEST----
 -----END CERTIFICATE REQUEST----

some software (some versions of Netscape certificate server) instead needs:

 -----BEGIN NEW CERTIFICATE REQUEST----
 -----END NEW CERTIFICATE REQUEST----

but is otherwise compatible. Either form is accepted on input.

The certificate requests generated by B<Xenroll> with MSIE have extensions
added. It includes the B<keyUsage> extension which determines the type of
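
Review bot: The four added header and footer lines end in four dashes ("-----BEGIN CERTIFICATE REQUEST----") where every other PEM line documented in this commit ends in five, so text copied from this page would not match what the other notes show; add the fifth trailing dash to all four lines. The sentence "some software (some versions of Netscape certificate server) instead needs:" also starts in lower case after a verbatim block and should begin a new sentence with a capital.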