apps/ca.c +1 −0 Original line number Diff line number Diff line Loading @@ -169,6 +169,7 @@ static char *ca_usage[]={ " -keyform arg - private key file format (PEM or ENGINE)\n", " -key arg - key to decode the private key if it is encrypted\n", " -cert file - The CA certificate\n", " -selfsign - sign a certificate with the key associated with it\n", " -in file - The input PEM encoded certificate request(s)\n", " -out file - Where to put the output file(s)\n", " -outdir dir - Where to put output certificates\n", Loading
doc/apps/ca.pod +25 −0 Original line number Diff line number Diff line Loading @@ -30,6 +30,7 @@ B<openssl> B<ca> [B<-key arg>] [B<-passin arg>] [B<-cert file>] [B<-selfsign>] [B<-in file>] [B<-out file>] [B<-notext>] Loading Loading @@ -113,6 +114,20 @@ the password used to encrypt the private key. Since on some systems the command line arguments are visible (e.g. Unix with the 'ps' utility) this option should be used with caution. =item B<-selfsign> indicates the issued certificates are to be signed with the key the certificate requests were signed with (given with B<-keyfile>). Cerificate requests signed with a different key are ignored. If B<-spkac>, B<-ss_cert> or B<-gencrl> are given, B<-selfsign> is ignored. A consequence of using B<-selfsign> is that the self-signed certificate appears among the entries in the certificate database (see the configuration option B<database>), and uses the same serial number counter as all other certificates sign with the self-signed certificate. =item B<-passin arg> the key password source. For more information about the format of B<arg> Loading Loading @@ -359,6 +374,16 @@ the same as the B<-md> option. The message digest to use. Mandatory. the text database file to use. Mandatory. This file must be present though initially it will be empty. =item B<unique_subject> if the value B<yes> is given, the valid certificate entries in the database must have unique subjects. if the value B<no> is given, several valid certificate entries may have the exact same subject. The default value is B<yes>, to be compatible with older (pre 0.9.8) versions of OpenSSL. However, to make CA certificate roll-over easier, it's recommended to use the value B<no>, especially if combined with the B<-selfsign> command line option. =item B<serialfile> a text file containing the next serial number to use in hex. Mandatory. Loading
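Review bot: in the apps/ca.c hunk (@@ -169,6 +169,7 @@), the new usage line " -selfsign - sign a certificate with the key associated with it" is ambiguous about what "it" refers to and which key is meant. The ca.pod text in the same commit says the key is the one the certificate requests were signed with, given with -keyfile. Suggest wording the usage line to match, for example "sign the certificate with the key the request was signed with (see -keyfile)".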
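Review bot: in the doc/apps/ca.pod hunk @@ -113,6 +114,20 @@, the new B<-selfsign> item has two wording errors: "Cerificate requests" should be "Certificate requests", and "all other certificates sign with the self-signed certificate" should be "signed with". The sentence "Cerificate requests signed with a different key are ignored" also does not say whether the command reports the skipped requests. Please state that, since an operator batching several requests needs to know if one was dropped. The last paragraph notes that the self-signed certificate lands in the database and shares the serial number counter; a short cross-reference to B<unique_subject> here would help, because the other hunk recommends changing that setting when B<-selfsign> is used.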
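Review bot: in the doc/apps/ca.pod hunk @@ -359,6 +374,16 @@, the B<unique_subject> item recommends B<no> while the default stays B<yes>, but it never says what the B<yes> check is for or what an operator gives up by turning it off. With B<no>, "several valid certificate entries may have the exact same subject", so the text should add a sentence telling the operator that the old entry stays valid unless it is revoked explicitly. Style: both sentences beginning "if the value" should start with a capital letter.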