1=pod 2{- OpenSSL::safe::output_do_not_edit_headers(); -} 3 4=head1 NAME 5 6openssl-ca - sample minimal CA application 7 8=head1 SYNOPSIS 9 10B<openssl> B<ca> 11[B<-help>] 12[B<-verbose>] 13[B<-quiet>] 14[B<-config> I<filename>] 15[B<-name> I<section>] 16[B<-section> I<section>] 17[B<-gencrl>] 18[B<-revoke> I<file>] 19[B<-valid> I<file>] 20[B<-status> I<serial>] 21[B<-updatedb>] 22[B<-crl_reason> I<reason>] 23[B<-crl_hold> I<instruction>] 24[B<-crl_compromise> I<time>] 25[B<-crl_CA_compromise> I<time>] 26[B<-crl_lastupdate> I<date>] 27[B<-crl_nextupdate> I<date>] 28[B<-crldays> I<days>] 29[B<-crlhours> I<hours>] 30[B<-crlsec> I<seconds>] 31[B<-crlexts> I<section>] 32[B<-startdate> I<date>] 33[B<-not_before> I<date>] 34[B<-enddate> I<date>] 35[B<-not_after> I<date>] 36[B<-days> I<arg>] 37[B<-md> I<arg>] 38[B<-policy> I<arg>] 39[B<-keyfile> I<filename>|I<uri>] 40[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>] 41[B<-key> I<arg>] 42[B<-passin> I<arg>] 43[B<-cert> I<file>] 44[B<-certform> B<DER>|B<PEM>|B<P12>] 45[B<-selfsign>] 46[B<-in> I<file>] 47[B<-inform> B<DER>|<PEM>] 48[B<-out> I<file>] 49[B<-notext>] 50[B<-dateopt>] 51[B<-outdir> I<dir>] 52[B<-infiles>] 53[B<-spkac> I<file>] 54[B<-ss_cert> I<file>] 55[B<-preserveDN>] 56[B<-noemailDN>] 57[B<-batch>] 58[B<-msie_hack>] 59[B<-extensions> I<section>] 60[B<-extfile> I<section>] 61[B<-subj> I<arg>] 62[B<-utf8>] 63[B<-sigopt> I<nm>:I<v>] 64[B<-vfyopt> I<nm>:I<v>] 65[B<-create_serial>] 66[B<-rand_serial>] 67[B<-multivalue-rdn>] 68{- $OpenSSL::safe::opt_r_synopsis -} 69{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} 70[I<certreq>...] 71 72=head1 DESCRIPTION 73 74This command emulates a CA application. 75See the B<WARNINGS> especially when considering to use it productively. 76 77It generates certificates bearing X.509 version 3. 78Unless specified otherwise, 79key identifier extensions are included as described in L<x509v3_config(5)>. 80 81It can be used to sign certificate requests (CSRs) in a variety of forms 82and generate certificate revocation lists (CRLs). 83It also maintains a text database of issued certificates and their status. 84When signing certificates, a single request can be specified 85with the B<-in> option, or multiple requests can be processed by 86specifying a set of B<certreq> files after all options. 87 88Note that there are also very lean ways of generating certificates: 89the B<req> and B<x509> commands can be used for directly creating certificates. 90See L<openssl-req(1)> and L<openssl-x509(1)> for details. 91 92The descriptions of the B<ca> command options are divided into each purpose. 93 94=head1 OPTIONS 95 96=over 4 97 98=item B<-help> 99 100Print out a usage message. 101 102=item B<-verbose> 103 104This prints extra details about the operations being performed. 105 106=item B<-quiet> 107 108This prints fewer details about the operations being performed, which may 109be handy during batch scripts or pipelines. 110 111=item B<-config> I<filename> 112 113Specifies the configuration file to use. 114Optional; for a description of the default value, 115see L<openssl(1)/COMMAND SUMMARY>. 116 117=item B<-name> I<section>, B<-section> I<section> 118 119Specifies the configuration file section to use (overrides 120B<default_ca> in the B<ca> section). 121 122=item B<-in> I<filename> 123 124An input filename containing a single certificate request (CSR) to be 125signed by the CA. 126 127=item B<-inform> B<DER>|B<PEM> 128 129The format to use when loading certificate request (CSR) input files; 130by default PEM is tried first. 131See L<openssl-format-options(1)> for details. 132 133=item B<-ss_cert> I<filename> 134 135A single self-signed certificate to be signed by the CA. 136 137=item B<-spkac> I<filename> 138 139A file containing a single Netscape signed public key and challenge 140and additional field values to be signed by the CA. See the B<SPKAC FORMAT> 141section for information on the required input and output format. 142 143=item B<-infiles> 144 145If present this should be the last option, all subsequent arguments 146are taken as the names of files containing certificate requests. 147 148=item B<-out> I<filename> 149 150The output file to output certificates to. The default is standard 151output. The certificate details will also be printed out to this 152file in PEM format (except that B<-spkac> outputs DER format). 153 154=item B<-outdir> I<directory> 155 156The directory to output certificates to. The certificate will be 157written to a filename consisting of the serial number in hex with 158F<.pem> appended. 159 160=item B<-cert> I<filename> 161 162The CA certificate, which must match with B<-keyfile>. 163 164=item B<-certform> B<DER>|B<PEM>|B<P12> 165 166The format of the data in certificate input files; unspecified by default. 167See L<openssl-format-options(1)> for details. 168 169=item B<-keyfile> I<filename>|I<uri> 170 171The CA private key to sign certificate requests with. 172This must match with B<-cert>. 173 174=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> 175 176The format of the private key input file; unspecified by default. 177See L<openssl-format-options(1)> for details. 178 179=item B<-sigopt> I<nm>:I<v> 180 181Pass options to the signature algorithm during sign operations. 182Names and values of these options are algorithm-specific. 183 184=item B<-vfyopt> I<nm>:I<v> 185 186Pass options to the signature algorithm during verify operations. 187Names and values of these options are algorithm-specific. 188 189This often needs to be given while signing too, because the self-signature of 190a certificate signing request (CSR) is verified against the included public key, 191and that verification may need its own set of options. 192 193=item B<-key> I<password> 194 195=for openssl foreign manual ps(1) 196 197The password used to encrypt the private key. Since on some 198systems the command line arguments are visible (e.g., when using 199L<ps(1)> on Unix), 200this option should be used with caution. 201Better use B<-passin>. 202 203=item B<-passin> I<arg> 204 205The key password source for key files and certificate PKCS#12 files. 206For more information about the format of B<arg> 207see L<openssl-passphrase-options(1)>. 208 209=item B<-selfsign> 210 211Indicates the issued certificates are to be signed with the key 212the certificate requests were signed with (given with B<-keyfile>). 213Certificate requests signed with a different key are ignored. 214If B<-spkac>, B<-ss_cert> or B<-gencrl> are given, B<-selfsign> is ignored. 215 216A consequence of using B<-selfsign> is that the self-signed 217certificate appears among the entries in the certificate database 218(see the configuration option B<database>), and uses the same 219serial number counter as all other certificates sign with the 220self-signed certificate. 221 222=item B<-notext> 223 224Don't output the text form of a certificate to the output file. 225 226=item B<-dateopt> 227 228Specify the date output format. Values are: rfc_822 and iso_8601. 229Defaults to rfc_822. 230 231=item B<-startdate> I<date>, B<-not_before> I<date> 232 233This allows the start date to be explicitly set. The format of the 234date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or 235YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In 236both formats, seconds SS and timezone Z must be present. 237Alternatively, you can also use "today". 238 239=item B<-enddate> I<date>, B<-not_after> I<date> 240 241This allows the expiry date to be explicitly set. The format of the 242date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or 243YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In 244both formats, seconds SS and timezone Z must be present. 245Alternatively, you can also use "today". 246 247This overrides the B<-days> option. 248 249=item B<-days> I<arg> 250 251The number of days from today to certify the certificate for. 252 253Regardless of the option B<-not_before>, the days are always counted from 254today. 255When used together with the option B<-not_after>/B<-startdate>, the explicit 256expiry date takes precedence. 257 258=item B<-md> I<alg> 259 260The message digest to use. 261Any digest supported by the L<openssl-dgst(1)> command can be used. For signing 262algorithms that do not support a digest (i.e. Ed25519 and Ed448) any message 263digest that is set is ignored. This option also applies to CRLs. 264 265=item B<-policy> I<arg> 266 267This option defines the CA "policy" to use. This is a section in 268the configuration file which decides which fields should be mandatory 269or match the CA certificate. Check out the B<POLICY FORMAT> section 270for more information. 271 272=item B<-msie_hack> 273 274This is a deprecated option to make this command work with very old versions 275of the IE certificate enrollment control "certenr3". It used UniversalStrings 276for almost everything. Since the old control has various security bugs 277its use is strongly discouraged. 278 279=item B<-preserveDN> 280 281Normally the DN order of a certificate is the same as the order of the 282fields in the relevant policy section. When this option is set the order 283is the same as the request. This is largely for compatibility with the 284older IE enrollment control which would only accept certificates if their 285DNs match the order of the request. This is not needed for Xenroll. 286 287=item B<-noemailDN> 288 289The DN of a certificate can contain the EMAIL field if present in the 290request DN, however, it is good policy just having the e-mail set into 291the altName extension of the certificate. When this option is set the 292EMAIL field is removed from the certificate' subject and set only in 293the, eventually present, extensions. The B<email_in_dn> keyword can be 294used in the configuration file to enable this behaviour. 295 296=item B<-batch> 297 298This sets the batch mode. In this mode no questions will be asked 299and all certificates will be certified automatically. 300 301=item B<-extensions> I<section> 302 303The section of the configuration file containing certificate extensions 304to be added when a certificate is issued (defaults to B<x509_extensions> 305unless the B<-extfile> option is used). 306 307See the L<x509v3_config(5)> manual page for details of the 308extension section format. 309 310=item B<-extfile> I<file> 311 312An additional configuration file to read certificate extensions from 313(using the default section unless the B<-extensions> option is also 314used). 315 316=item B<-subj> I<arg> 317 318Supersedes subject name given in the request. 319 320The arg must be formatted as C</type0=value0/type1=value1/type2=...>. 321Special characters may be escaped by C<\> (backslash), whitespace is retained. 322Empty values are permitted, but the corresponding type will not be included 323in the resulting certificate. 324Giving a single C</> will lead to an empty sequence of RDNs (a NULL-DN). 325Multi-valued RDNs can be formed by placing a C<+> character instead of a C</> 326between the AttributeValueAssertions (AVAs) that specify the members of the set. 327Example: 328 329C</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe> 330 331=item B<-utf8> 332 333This option causes field values to be interpreted as UTF8 strings, by 334default they are interpreted as ASCII. This means that the field 335values, whether prompted from a terminal or obtained from a 336configuration file, must be valid UTF8 strings. 337 338=item B<-create_serial> 339 340If reading serial from the text file as specified in the configuration 341fails, specifying this option creates a new random serial to be used as next 342serial number. 343To get random serial numbers, use the B<-rand_serial> flag instead; this 344should only be used for simple error-recovery. 345 346=item B<-rand_serial> 347 348Generate a large random number to use as the serial number. 349This overrides any option or configuration to use a serial number file. 350 351=item B<-multivalue-rdn> 352 353This option has been deprecated and has no effect. 354 355{- $OpenSSL::safe::opt_r_item -} 356 357{- $OpenSSL::safe::opt_engine_item -} 358 359{- $OpenSSL::safe::opt_provider_item -} 360 361=back 362 363=head1 CRL OPTIONS 364 365=over 4 366 367=item B<-gencrl> 368 369This option generates a CRL based on information in the index file. 370 371=item B<-crl_lastupdate> I<time> 372 373Allows the value of the CRL's lastUpdate field to be explicitly set; if 374this option is not present, the current time is used. Accepts times in 375YYMMDDHHMMSSZ format (the same as an ASN1 UTCTime structure) or 376YYYYMMDDHHMMSSZ format (the same as an ASN1 GeneralizedTime structure). 377 378=item B<-crl_nextupdate> I<time> 379 380Allows the value of the CRL's nextUpdate field to be explicitly set; if 381this option is present, any values given for B<-crldays>, B<-crlhours> 382and B<-crlsec> are ignored. Accepts times in the same formats as 383B<-crl_lastupdate>. 384 385=item B<-crldays> I<num> 386 387The number of days before the next CRL is due. That is the days from 388now to place in the CRL nextUpdate field. 389 390=item B<-crlhours> I<num> 391 392The number of hours before the next CRL is due. 393 394=item B<-crlsec> I<num> 395 396The number of seconds before the next CRL is due. 397 398=item B<-revoke> I<filename> 399 400A filename containing a certificate to revoke. 401 402=item B<-valid> I<filename> 403 404A filename containing a certificate to add a Valid certificate entry. 405 406=item B<-status> I<serial> 407 408Displays the revocation status of the certificate with the specified 409serial number and exits. 410 411=item B<-updatedb> 412 413Updates the database index to purge expired certificates. 414 415=item B<-crl_reason> I<reason> 416 417Revocation reason, where I<reason> is one of: B<unspecified>, B<keyCompromise>, 418B<CACompromise>, B<affiliationChanged>, B<superseded>, B<cessationOfOperation>, 419B<certificateHold> or B<removeFromCRL>. The matching of I<reason> is case 420insensitive. Setting any revocation reason will make the CRL v2. 421 422In practice B<removeFromCRL> is not particularly useful because it is only used 423in delta CRLs which are not currently implemented. 424 425=item B<-crl_hold> I<instruction> 426 427This sets the CRL revocation reason code to B<certificateHold> and the hold 428instruction to I<instruction> which must be an OID. Although any OID can be 429used only B<holdInstructionNone> (the use of which is discouraged by RFC2459) 430B<holdInstructionCallIssuer> or B<holdInstructionReject> will normally be used. 431 432=item B<-crl_compromise> I<time> 433 434This sets the revocation reason to B<keyCompromise> and the compromise time to 435I<time>. I<time> should be in GeneralizedTime format that is I<YYYYMMDDHHMMSSZ>. 436 437=item B<-crl_CA_compromise> I<time> 438 439This is the same as B<crl_compromise> except the revocation reason is set to 440B<CACompromise>. 441 442=item B<-crlexts> I<section> 443 444The section of the configuration file containing CRL extensions to 445include. If no CRL extension section is present then a V1 CRL is 446created, if the CRL extension section is present (even if it is 447empty) then a V2 CRL is created. The CRL extensions specified are 448CRL extensions and B<not> CRL entry extensions. It should be noted 449that some software (for example Netscape) can't handle V2 CRLs. See 450L<x509v3_config(5)> manual page for details of the 451extension section format. 452 453=back 454 455=head1 CONFIGURATION FILE OPTIONS 456 457The section of the configuration file containing options for this command 458is found as follows: If the B<-name> command line option is used, 459then it names the section to be used. Otherwise the section to 460be used must be named in the B<default_ca> option of the B<ca> section 461of the configuration file (or in the default section of the 462configuration file). Besides B<default_ca>, the following options are 463read directly from the B<ca> section: 464 RANDFILE 465 preserve 466 msie_hack 467With the exception of B<RANDFILE>, this is probably a bug and may 468change in future releases. 469 470Many of the configuration file options are identical to command line 471options. Where the option is present in the configuration file 472and the command line the command line value is used. Where an 473option is described as mandatory then it must be present in 474the configuration file or the command line equivalent (if 475any) used. 476 477=over 4 478 479=item B<oid_file> 480 481This specifies a file containing additional B<OBJECT IDENTIFIERS>. 482Each line of the file should consist of the numerical form of the 483object identifier followed by whitespace then the short name followed 484by whitespace and finally the long name. 485 486=item B<oid_section> 487 488This specifies a section in the configuration file containing extra 489object identifiers. Each line should consist of the short name of the 490object identifier followed by B<=> and the numerical form. The short 491and long names are the same when this option is used. 492 493=item B<new_certs_dir> 494 495The same as the B<-outdir> command line option. It specifies 496the directory where new certificates will be placed. Mandatory. 497 498=item B<certificate> 499 500The same as B<-cert>. It gives the file containing the CA 501certificate. Mandatory. 502 503=item B<private_key> 504 505Same as the B<-keyfile> option. The file containing the 506CA private key. Mandatory. 507 508=item B<RANDFILE> 509 510At startup the specified file is loaded into the random number generator, 511and at exit 256 bytes will be written to it. (Note: Using a RANDFILE is 512not necessary anymore, see the L</HISTORY> section. 513 514=item B<default_days> 515 516The same as the B<-days> option. The number of days from today to certify 517a certificate for. 518 519=item B<default_startdate> 520 521The same as the B<-startdate> option. The start date to certify 522a certificate for. If not set the current time is used. 523 524=item B<default_enddate> 525 526The same as the B<-enddate> option. Either this option or 527B<default_days> (or the command line equivalents) must be 528present. 529 530=item B<default_crl_hours default_crl_days> 531 532The same as the B<-crlhours> and the B<-crldays> options. These 533will only be used if neither command line option is present. At 534least one of these must be present to generate a CRL. 535 536=item B<default_md> 537 538The same as the B<-md> option. Mandatory except where the signing algorithm does 539not require a digest (i.e. Ed25519 and Ed448). 540 541=item B<database> 542 543The text database file to use. Mandatory. This file must be present 544though initially it will be empty. 545 546=item B<unique_subject> 547 548If the value B<yes> is given, the valid certificate entries in the 549database must have unique subjects. if the value B<no> is given, 550several valid certificate entries may have the exact same subject. 551The default value is B<yes>, to be compatible with older (pre 0.9.8) 552versions of OpenSSL. However, to make CA certificate roll-over easier, 553it's recommended to use the value B<no>, especially if combined with 554the B<-selfsign> command line option. 555 556Note that it is valid in some circumstances for certificates to be created 557without any subject. In the case where there are multiple certificates without 558subjects this does not count as a duplicate. 559 560=item B<serial> 561 562A text file containing the next serial number to use in hex. Mandatory. 563This file must be present and contain a valid serial number. 564 565=item B<crlnumber> 566 567A text file containing the next CRL number to use in hex. The crl number 568will be inserted in the CRLs only if this file exists. If this file is 569present, it must contain a valid CRL number. 570 571=item B<x509_extensions> 572 573A fallback to the B<-extensions> option. 574 575=item B<crl_extensions> 576 577A fallback to the B<-crlexts> option. 578 579=item B<preserve> 580 581The same as B<-preserveDN> 582 583=item B<email_in_dn> 584 585The same as B<-noemailDN>. If you want the EMAIL field to be removed 586from the DN of the certificate simply set this to 'no'. If not present 587the default is to allow for the EMAIL filed in the certificate's DN. 588 589=item B<msie_hack> 590 591The same as B<-msie_hack> 592 593=item B<policy> 594 595The same as B<-policy>. Mandatory. See the B<POLICY FORMAT> section 596for more information. 597 598=item B<name_opt>, B<cert_opt> 599 600These options allow the format used to display the certificate details 601when asking the user to confirm signing. All the options supported by 602the B<x509> utilities B<-nameopt> and B<-certopt> switches can be used 603here, except the B<no_signame> and B<no_sigdump> are permanently set 604and cannot be disabled (this is because the certificate signature cannot 605be displayed because the certificate has not been signed at this point). 606 607For convenience the values B<ca_default> are accepted by both to produce 608a reasonable output. 609 610If neither option is present the format used in earlier versions of 611OpenSSL is used. Use of the old format is B<strongly> discouraged because 612it only displays fields mentioned in the B<policy> section, mishandles 613multicharacter string types and does not display extensions. 614 615=item B<copy_extensions> 616 617Determines how extensions in certificate requests should be handled. 618If set to B<none> or this option is not present then extensions are 619ignored and not copied to the certificate. If set to B<copy> then any 620extensions present in the request that are not already present are copied 621to the certificate. If set to B<copyall> then all extensions in the 622request are copied to the certificate: if the extension is already present 623in the certificate it is deleted first. See the B<WARNINGS> section before 624using this option. 625 626The main use of this option is to allow a certificate request to supply 627values for certain extensions such as subjectAltName. 628 629=back 630 631=head1 POLICY FORMAT 632 633The policy section consists of a set of variables corresponding to 634certificate DN fields. If the value is "match" then the field value 635must match the same field in the CA certificate. If the value is 636"supplied" then it must be present. If the value is "optional" then 637it may be present. Any fields not mentioned in the policy section 638are silently deleted, unless the B<-preserveDN> option is set but 639this can be regarded more of a quirk than intended behaviour. 640 641=head1 SPKAC FORMAT 642 643The input to the B<-spkac> command line option is a Netscape 644signed public key and challenge. This will usually come from 645the B<KEYGEN> tag in an HTML form to create a new private key. 646It is however possible to create SPKACs using L<openssl-spkac(1)>. 647 648The file should contain the variable SPKAC set to the value of 649the SPKAC and also the required DN components as name value pairs. 650If you need to include the same component twice then it can be 651preceded by a number and a '.'. 652 653When processing SPKAC format, the output is DER if the B<-out> 654flag is used, but PEM format if sending to stdout or the B<-outdir> 655flag is used. 656 657=head1 EXAMPLES 658 659Note: these examples assume that the directory structure this command 660assumes is already set up and the relevant files already exist. This 661usually involves creating a CA certificate and private key with 662L<openssl-req(1)>, a serial number file and an empty index file and 663placing them in the relevant directories. 664 665To use the sample configuration file below the directories F<demoCA>, 666F<demoCA/private> and F<demoCA/newcerts> would be created. The CA 667certificate would be copied to F<demoCA/cacert.pem> and its private 668key to F<demoCA/private/cakey.pem>. A file F<demoCA/serial> would be 669created containing for example "01" and the empty index file 670F<demoCA/index.txt>. 671 672 673Sign a certificate request: 674 675 openssl ca -in req.pem -out newcert.pem 676 677Sign an SM2 certificate request: 678 679 openssl ca -in sm2.csr -out sm2.crt -md sm3 \ 680 -sigopt "distid:1234567812345678" \ 681 -vfyopt "distid:1234567812345678" 682 683Sign a certificate request, using CA extensions: 684 685 openssl ca -in req.pem -extensions v3_ca -out newcert.pem 686 687Generate a CRL 688 689 openssl ca -gencrl -out crl.pem 690 691Sign several requests: 692 693 openssl ca -infiles req1.pem req2.pem req3.pem 694 695Certify a Netscape SPKAC: 696 697 openssl ca -spkac spkac.txt 698 699A sample SPKAC file (the SPKAC line has been truncated for clarity): 700 701 SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5 702 CN=Steve Test 703 emailAddress=steve@openssl.org 704 0.OU=OpenSSL Group 705 1.OU=Another Group 706 707A sample configuration file with the relevant sections for this command: 708 709 [ ca ] 710 default_ca = CA_default # The default ca section 711 712 [ CA_default ] 713 714 dir = ./demoCA # top dir 715 database = $dir/index.txt # index file. 716 new_certs_dir = $dir/newcerts # new certs dir 717 718 certificate = $dir/cacert.pem # The CA cert 719 serial = $dir/serial # serial no file 720 #rand_serial = yes # for random serial#'s 721 private_key = $dir/private/cakey.pem# CA private key 722 723 default_days = 365 # how long to certify for 724 default_crl_days= 30 # how long before next CRL 725 default_md = md5 # md to use 726 727 policy = policy_any # default policy 728 email_in_dn = no # Don't add the email into cert DN 729 730 name_opt = ca_default # Subject name display option 731 cert_opt = ca_default # Certificate display option 732 copy_extensions = none # Don't copy extensions from request 733 734 [ policy_any ] 735 countryName = supplied 736 stateOrProvinceName = optional 737 organizationName = optional 738 organizationalUnitName = optional 739 commonName = supplied 740 emailAddress = optional 741 742=head1 FILES 743 744Note: the location of all files can change either by compile time options, 745configuration file entries, environment variables or command line options. 746The values below reflect the default values. 747 748 /usr/local/ssl/lib/openssl.cnf - master configuration file 749 ./demoCA - main CA directory 750 ./demoCA/cacert.pem - CA certificate 751 ./demoCA/private/cakey.pem - CA private key 752 ./demoCA/serial - CA serial number file 753 ./demoCA/serial.old - CA serial number backup file 754 ./demoCA/index.txt - CA text database file 755 ./demoCA/index.txt.old - CA text database backup file 756 ./demoCA/certs - certificate output file 757 758=head1 RESTRICTIONS 759 760The text database index file is a critical part of the process and 761if corrupted it can be difficult to fix. It is theoretically possible 762to rebuild the index file from all the issued certificates and a current 763CRL: however there is no option to do this. 764 765V2 CRL features like delta CRLs are not currently supported. 766 767Although several requests can be input and handled at once it is only 768possible to include one SPKAC or self-signed certificate. 769 770=head1 BUGS 771 772This command is quirky and at times downright unfriendly. 773 774The use of an in-memory text database can cause problems when large 775numbers of certificates are present because, as the name implies 776the database has to be kept in memory. 777 778This command really needs rewriting or the required functionality 779exposed at either a command or interface level so that a more user-friendly 780replacement could handle things properly. The script 781B<CA.pl> helps a little but not very much. 782 783Any fields in a request that are not present in a policy are silently 784deleted. This does not happen if the B<-preserveDN> option is used. To 785enforce the absence of the EMAIL field within the DN, as suggested by 786RFCs, regardless the contents of the request' subject the B<-noemailDN> 787option can be used. The behaviour should be more friendly and 788configurable. 789 790Canceling some commands by refusing to certify a certificate can 791create an empty file. 792 793=head1 WARNINGS 794 795This command was originally meant as an example of how to do things in a CA. 796Its code does not have production quality. 797It was not supposed to be used as a full blown CA itself, 798nevertheless some people are using it for this purpose at least internally. 799When doing so, specific care should be taken to 800properly secure the private key(s) used for signing certificates. 801It is advisable to keep them in a secure HW storage such as a smart card or HSM 802and access them via a suitable engine or crypto provider. 803 804This command is effectively a single user command: no locking 805is done on the various files and attempts to run more than one B<openssl ca> 806command on the same database can have unpredictable results. 807 808The B<copy_extensions> option should be used with caution. If care is 809not taken then it can be a security risk. For example if a certificate 810request contains a basicConstraints extension with CA:TRUE and the 811B<copy_extensions> value is set to B<copyall> and the user does not spot 812this when the certificate is displayed then this will hand the requester 813a valid CA certificate. 814This situation can be avoided by setting B<copy_extensions> to B<copy> 815and including basicConstraints with CA:FALSE in the configuration file. 816Then if the request contains a basicConstraints extension it will be 817ignored. 818 819It is advisable to also include values for other extensions such 820as B<keyUsage> to prevent a request supplying its own values. 821 822Additional restrictions can be placed on the CA certificate itself. 823For example if the CA certificate has: 824 825 basicConstraints = CA:TRUE, pathlen:0 826 827then even if a certificate is issued with CA:TRUE it will not be valid. 828 829=head1 HISTORY 830 831Since OpenSSL 1.1.1, the program follows RFC5280. Specifically, 832certificate validity period (specified by any of B<-startdate>, 833B<-enddate> and B<-days>) and CRL last/next update time (specified by 834any of B<-crl_lastupdate>, B<-crl_nextupdate>, B<-crldays>, B<-crlhours> 835and B<-crlsec>) will be encoded as UTCTime if the dates are 836earlier than year 2049 (included), and as GeneralizedTime if the dates 837are in year 2050 or later. 838 839OpenSSL 1.1.1 introduced a new random generator (CSPRNG) with an improved 840seeding mechanism. The new seeding mechanism makes it unnecessary to 841define a RANDFILE for saving and restoring randomness. This option is 842retained mainly for compatibility reasons. 843 844The B<-section> option was added in OpenSSL 3.0.0. 845 846The B<-multivalue-rdn> option has become obsolete in OpenSSL 3.0.0 and 847has no effect. 848 849The B<-engine> option was deprecated in OpenSSL 3.0. 850 851Since OpenSSL 3.2, generated certificates bear X.509 version 3, 852and key identifier extensions are included by default. 853 854=head1 SEE ALSO 855 856L<openssl(1)>, 857L<openssl-req(1)>, 858L<openssl-spkac(1)>, 859L<openssl-x509(1)>, 860L<CA.pl(1)>, 861L<config(5)>, 862L<x509v3_config(5)> 863 864=head1 COPYRIGHT 865 866Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. 867 868Licensed under the Apache License 2.0 (the "License"). You may not use 869this file except in compliance with the License. You can obtain a copy 870in the file LICENSE in the source distribution or at 871L<https://www.openssl.org/source/license.html>. 872 873=cut 874