proxy-certificates.pod - OpenGrok cross reference for /openssl/doc/man7/proxy-certificates.pod

Lines Matching refs:proxy
7 proxy-certificates - Proxy certificates in OpenSSL
16 The requirements for a valid proxy certificate are:
23 another proxy certificate.
41 =head2 Enabling proxy certificate verification
43 OpenSSL expects applications that want to use proxy certificates to be
55 =head2 Creating proxy certificates
57 Creating proxy certificates can be done using the L<openssl-x509(1)>
60     [ proxy ]
61     # A proxy certificate MUST NEVER be a CA certificate.
65     # The extension which marks this certificate as a proxy
68 It's also possible to specify the proxy extension in a separate section:
104 Note that the proxy policy value is what determines the rights granted
105 to the process during the proxy certificate, and it is up to the
108 With a proxy extension, creating a proxy certificate is a matter of
111     openssl req -new -config proxy.cnf \
112         -out proxy.req -keyout proxy.key \
113         -subj "/DC=org/DC=openssl/DC=users/CN=proxy"
115     openssl x509 -req -CAcreateserial -in proxy.req -out proxy.crt \
117         -extfile proxy.cnf -extensions proxy
119 You can also create a proxy certificate using another proxy
121 configuration section for the proxy extensions:
123     openssl req -new -config proxy.cnf \
125         -subj "/DC=org/DC=openssl/DC=users/CN=proxy/CN=proxy 2"
128         -CA proxy.crt -CAkey proxy.key -days 7 \
129         -extfile proxy.cnf -extensions proxy_2
131 =head2 Using proxy certs in applications
133 To interpret proxy policies, the application would normally start with
135 rights by checking the rights against the chain of proxy certificates,
149 so you must be careful to do the proxy policy interpretation at the
212              * It's REALLY important you keep the proxy policy check
217              * certificate, followed by the possible proxy
233                      * to this particular proxy certificate, usually
236                      * this and any subsequent proxy certificate void
254                      * the rights granted by the current proxy
331 To this date, it seems that proxy certificates have only been used in
336 For that reason, OpenSSL requires that applications aware of proxy
339 B<subjectAltName> and B<issuerAltName> are forbidden in proxy