doc/man/ca.pod +14 −0
@@ -202,6 +202,20 @@ any) used. =over 4 =over 4 =item B<oid_file> This specifies a file containing additional B<OBJECT IDENTIFIERS>. Each line of the file should consist of the numerical form of the object identifier followed by white space then the short name followed by white space and finally the long name. =item B<oid_section> This specifies a section in the configuration file containing extra object identifiers. Each line should consist of the short name of the object identifier followed by B<=> and the numerical form. The short and long names are the same when this option is used. =item B<new_certs_dir> =item B<new_certs_dir> the same as the B<-outdir> command line option. It specifies the same as the B<-outdir> command line option. It specifies Loading doc/man/crl2pkcs7.pod 0 → 100644 +90 −0 Original line number Original line Diff line number Diff line =pod =head1 NAME crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates. =head1 SYNOPSIS B<openssl> B<pkcs7> [B<-inform PEM|DER>] [B<-outform PEM|DER>] [B<-in filename>] [B<-out filename>] [B<-print_certs>] =head1 DESCRIPTION The B<crl2pkcs7> command takes an optional CRL and one or more certificates and converts them into a PKCS#7 degenerate "certificates only" structure. =head1 COMMAND OPTIONS =over 4 =item B<-inform DER|PEM> This specifies the CRL input format. B<DER> format is DER encoded CRL structure.B<PEM> (the default) is a base64 encoded version of the DER form with header and footer lines. =item B<-outform DER|PEM> This specifies the PKCS#7 structure output format. B<DER> format is DER encoded PKCS#7 structure.B<PEM> (the default) is a base64 encoded version of the DER form with header and footer lines. =item B<-in filename> This specifies the input filename to read a CRL from or standard input if this option is not specified. =item B<-out filename> specifies the output filename to write the PKCS#7 structure to or standard output by default. 
=item B<-certfile filename> specifies a filename containing one or more certificates in B<PEM> format. All certificates in the file will be added to the PKCS#7 structure. This option can be used more than once to read certificates form multiple files. =item B<-nocrl> normally a CRL is included in the output file. With this option no CRL is included in the output file and a CRL is not read from the input file. =back =head1 EXAMPLES Create a PKCS#7 structure from a certificate and CRL: openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem Creates a PKCS#7 structure in DER format with no CRL from several different certificates: openssl crl2pkcs7 -nocrl -certfile newcert.pem -certfile demoCA/cacert.pem -outform DER -out p7.der =head1 NOTES The output file is a PKCS#7 signed data structure containing no signers and just certificates and an optional CRL. This utility can be used to send certificates and CAs to Netscape as part of the certificate enrollment process. This involves sending the DER encoded output as MIME type application/x-x509-user-cert. The B<PEM> encoded form with the header and footer lines removed can be used to install user certificates and CAs in MSIE using the Xenroll control. =head1 SEE ALSO pkcs7(1) =cut doc/man/pkcs7.pod 0 → 100644 +73 −0 Original line number Original line Diff line number Diff line =pod =head1 NAME pkcs7 - PKCS#7 utility =head1 SYNOPSIS B<openssl> B<pkcs7> [B<-inform PEM|DER>] [B<-outform PEM|DER>] [B<-in filename>] [B<-out filename>] [B<-print_certs>] =head1 DESCRIPTION The B<pkcs7> command processes PKCS#7 files in DER or PEM format. =head1 COMMAND OPTIONS =over 4 =item B<-inform DER|PEM> This specifies the input format. B<DER> format is DER encoded PKCS#7 v1.5 structure.B<PEM> (the default) is a base64 encoded version of the DER form with header and footer lines. =item B<-outform DER|PEM> This specifies the output format, the options have the same meaning as the B<-inform> option. 
=item B<-in filename> This specifies the input filename to read from or standard input if this option is not specified. =item B<-out filename> specifies the output filename to write to or standard output by default. =item B<-print_certs> prints out any certificates or CRLs contained in the file. They are preceded by their subject and issuer names in one line format. =back =head1 EXAMPLES Convert a PKCS#7 file from PEM to DER: openssl pkcs7 -in file.pem -outform DER -out file.der Output all certificates in a file: openssl pkcs7 -in file.pem -print_certs -out certs.pem =head1 RESTRICTIONS There is no option to print out all the fields of a PKCS#7 file. This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they cannot currently parse, for example, the new CMS as described in RFCXXXX. =head1 SEE ALSO crl2pkcs7(1) =cut doc/man/req.pod +56 −7 Original line number Original line Diff line number Diff line Loading @@ -203,8 +203,8 @@ by white space and finally the long name. =item B<oid_section> =item B<oid_section> This specifies a section in the configuration file containing extra This specifies a section in the configuration file containing extra object identifiers. Each line should consist of the numerical form object identifiers. Each line should consist of the short name of the of the object identifier followed by B<=> and its name. The short object identifier followed by B<=> and the numerical form. The short and long names are the same when this option is used. and long names are the same when this option is used. =item B<RANDFILE> =item B<RANDFILE> Loading Loading 
@@ -320,6 +320,55 @@ Generate a self signed root certificate: openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem Example of a file pointed to by the B<oid_file> option: 1.2.3.4 shortName A longer Name 1.2.3.6 otherName Other longer Name Example of a section pointed to by B<oid_section> making use of variable expansion: testoid1=1.2.3.5 testoid2=${testoid1}.6 Sample configuration file: [ req ] default_bits = 1024 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca dirstring_type = nobmp [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = AU countryName_min = 2 countryName_max = 2 localityName = Locality Name (eg, city) organizationalUnitName = Organizational Unit Name (eg, section) commonName = Common Name (eg, YOUR name) commonName_max = 64 emailAddress = Email Address emailAddress_max = 40 [ req_attributes ] challengePassword = A challenge password challengePassword_min = 4 challengePassword_max = 20 [ v3_ca ] subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always basicConstraints = CA:true =head1 NOTES =head1 NOTES The header and footer lines in the B<PEM> format contain the words The header and footer lines in the B<PEM> format contain the words Loading Loading
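Review bot: the B<oid_section> paragraph added in the ca.pod hunk is a word-for-word copy of the one in req.pod, and the req.pod hunk in this same change has to correct that text because it described the order backwards (numerical form first). Two copies will drift again. Consider keeping the full description in req.pod and having ca.pod refer to req(1), or repeat the oid_file and oid_section examples here so the "short name B<=> numerical form" order is shown and not only described.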
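Review bot: the SYNOPSIS in the new crl2pkcs7.pod was copied from pkcs7.pod unchanged. It reads "B<openssl> B<pkcs7> ... [B<-print_certs>]", so it names the wrong command, lists an option this page never describes, and omits B<-certfile> and B<-nocrl>, which both COMMAND OPTIONS and EXAMPLES depend on. Suggest B<openssl> B<crl2pkcs7> with [B<-certfile filename>] and [B<-nocrl>] in place of [B<-print_certs>]. Smaller fixes in the same file: "read certificates form multiple files" should say "from", and "structure.B<PEM>" needs a space after the full stop in both the -inform and -outform items.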
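Review bot: the RESTRICTIONS section of the new pkcs7.pod ships with a placeholder, "the new CMS as described in RFCXXXX". Fill in the RFC number or drop the reference before this is merged, since a man page reader cannot follow it. The sentence around it also needs repair: "This PKCS#7 routines only understand" should be "The PKCS#7 routines only understand", and a full stop or semicolon is missing before "they cannot currently parse". The -inform item has the same missing space in "structure.B<PEM>" as crl2pkcs7.pod.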
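Review bot: the sample configuration added to the req.pod EXAMPLES sets "x509_extensions = v3_ca" with "basicConstraints = CA:true" and gives no explanation, so a reader who copies it and runs the "req -x509" example just above gets a certificate that asserts CA status. Add a sentence saying this section is applied only to self-signed certificates made with -x509 and is intended for a root CA, and consider "basicConstraints = critical,CA:true". The same sample hard-codes "default_bits = 1024", which readers will copy verbatim; a larger default would age better.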