Lines Matching refs:certificate
88 This command is a multi-purposes certificate handling command.
89 It can be used to print certificate information,
90 convert certificates to various forms, edit certificate trust settings,
113 This specifies the input to read a certificate from
114 or the input file for reading a certificate request if the B<-req> flag is used.
121 The key and certificate file password source.
127 Generate a certificate from scratch, not using an input certificate
128 or certificate request.
137 Output a PKCS#10 certificate request (rather than a certificate).
141 X.509 extensions included in a certificate input are not copied by default.
146 By default a certificate is expected on input.
147 With this option a PKCS#10 certificate request is expected instead,
156 when converting from a certificate to a request using the B<-x509toreq> option
157 or converting from a request to a certificate using the B<-req> option.
161 are not taken over when producing a certificate request.
177 This option provides the private key for signing a new certificate or
178 certificate request.
180 the new certificate or certificate request, resulting in a self-signature.
211 Do not output a certificate (except for printing as requested by below options).
233 Prints out the certificate in text form. Full details are printed including the
247 certificate (see digest options).
249 digests, the fingerprint of a certificate is unique to that certificate and
254 Prints the certificate "alias" (nickname), if any.
258 Prints the certificate serial number.
262 Prints out the start date of the certificate, that is the notBefore date.
266 Prints out the expiry date of the certificate, that is the notAfter date.
270 Prints out the start and expiry dates of a certificate.
292 Prints the "hash" of the certificate subject name. This is used in OpenSSL to
298 Prints the "hash" of the certificate subject name using the older algorithm
303 Prints the "hash" of the certificate issuer name.
307 Prints the "hash" of the certificate issuer name using the older algorithm
312 Prints out the certificate extensions in text form.
328 This option performs tests on the certificate extensions and outputs
334 Prints the certificate's SubjectPublicKeyInfo block in PEM format.
339 contained in the certificate.
349 Checks if the certificate expires within the next I<arg> seconds and exits
354 Check that the certificate matches the specified host.
358 Check that the certificate matches the specified email address.
362 Check that the certificate matches the specified IP address.
381 Set the serial to be one more than the number in the certificate.
406 Specifies the number of days from today until a newly generated certificate expires.
414 When signing a certificate, preserve "notBefore" and "notAfter" dates of any
415 input certificate instead of adjusting them to current time and duration.
420 When a certificate is created set its issuer name to the given value.
426 When a certificate is created set its subject name to the given value.
427 When the certificate is self-signed the issuer name is set to the same value,
433 in the certificate.
442 a new certificate without providing an input certificate or certificate request.
450 When a new certificate or certificate request is created
457 to directly generate a certificate containing any desired public key.
464 When transforming a certificate to a new certificate
465 by default all certificate extensions are retained.
467 When transforming a certificate or certificate request,
469 In any case, when producing a certificate request,
474 Configuration file containing certificate and request X.509 extensions to add.
518 Specifies the "CA" certificate to be used for signing.
520 The subject name of the "CA" certificate is placed as issuer name in the new
521 certificate, which is then signed using the "CA" key given as detailed below.
525 Without the B<-req> option the input must be an existing certificate
526 unless the B<-new> option is given, which generates a certificate from scratch.
530 The format for the CA certificate; unspecified by default.
535 Sets the CA private key to sign a certificate with.
536 The private key must match the public key of the certificate given with B<-CA>.
548 When creating a certificate with this option and with the B<-CA> option,
549 the certificate serial number is stored in the given file.
554 The default filename consists of the CA certificate file base name with
555 F<.srl> appended. For example if the CA certificate file is called
567 A random number is generated, used for the certificate,
574 A B<trusted certificate> is an ordinary certificate which has several
576 and prohibited uses of the certificate and possibly an "alias" (nickname).
578 Normally when a certificate is being verified at least one certificate
579 must be "trusted". By default a trusted certificate must be stored
580 locally and must be a root CA: any certificate chain ending in this CA
591 certificate: not just root CAs.
597 Mark any certificate PEM output as <trusted> certificate rather than ordinary.
598 An ordinary or trusted certificate can be input but by default an ordinary
599 certificate is output and any trust settings are discarded.
600 With the B<-trustout> option a trusted certificate is output. A trusted
601 certificate is automatically output if any trust settings are modified.
605 Sets the "alias" of the certificate. This will allow the certificate
610 Clears all the permitted or trusted uses of the certificate.
614 Adds a trusted certificate use.
623 Clears all the prohibited or rejected uses of the certificate.
691 Don't give a hexadecimal dump of the certificate signature.
695 Don't print out certificate trust information.
704 certificate extensions.
708 Print an error message for unsupported certificate extensions.
730 Print the contents of a certificate:
734 Print the "Subject Alternative Name" extension of a certificate:
738 Print more extensions of a certificate:
742 Print the certificate serial number:
746 Print the certificate subject name:
750 Print the certificate subject name in RFC2253 form:
754 Print the certificate subject name in oneline form on a terminal
759 Print the certificate SHA1 fingerprint:
763 Convert a certificate from PEM to DER format:
767 Convert a certificate to a certificate request:
771 Convert a certificate request into a self-signed certificate using
777 Sign a certificate request using the CA certificate above and add user
778 certificate extensions:
783 Set a certificate to be trusted for SSL client use and change set its alias to
