16 - load certificate and key data
66 SSL_CTX_use_certificate() loads the certificate B<x> into B<ctx>,
68 certificates needed to form the complete certificate chain can be
73 SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from
75 SSL_use_certificate_ASN1() loads the ASN1 encoded certificate into B<ssl>.
77 SSL_CTX_use_certificate_file() loads the first certificate stored in B<file>
78 into B<ctx>. The formatting B<type> of the certificate must be specified
80 SSL_use_certificate_file() loads the certificate from B<file> into B<ssl>.
84 SSL_CTX_use_certificate_chain_file() loads a certificate chain from
86 be sorted starting with the subject's certificate (actual client or server
87 certificate), followed by intermediate CA certificates if applicable, and
89 similar except it loads the certificate chain into B<ssl>.
95 If a certificate has already been set and the private key does not belong
96 to the certificate an error is returned. To change a [certificate/private-key]
97 pair, the new certificate needs to be set first with SSL_use_certificate() or
103 certificate B<x>, private key B<key>, and certificate B<chain> onto the
105 key of the X.509 certificate B<x>. If the B<override> argument is 0, then
107 If B<override> is non-0, then the certificate, private key and chain certs
132 the corresponding certificate loaded into B<ctx>. If more than one
133 key/certificate pair (RSA/DSA) is installed, the last item installed will
134 be checked. If e.g. the last item was an RSA certificate or key, the RSA
135 key/certificate pair will be checked. SSL_check_private_key() performs
136 the same check for B<ssl>. If no key/certificate was explicitly added for
141 The internal certificate store of OpenSSL can hold several private
142 key/certificate pairs at a time. The certificate used depends on the
147 one certificate or private key, consequently
151 SSL_CTX_use_certificate_chain_file() adds the first certificate found
152 in the file to the certificate store. The other certificates are added
155 certificate chain store for all certificate types, OpenSSL 1.0.2 and later
158 to allow the use of complete certificate chains even when no trusted CA
159 storage is used or when the CA issuing the certificate shall not be added to
172 of view, it however does not make sense as the data in the certificate
175 All of the functions to set a new certificate will replace any existing
176 certificate of the same type that has already been set. Similarly all of the
179 L<SSL_check_private_key(3)> as appropriate after loading a new certificate and
180 private key to confirm that the certificate and key match.

Last Index update Fri Nov 29 22:08:30 UTC 2024

Dedicated to & Maintained by Room-11