6/23/2023 0 Comments Openssl print certificateSee openssl-format-options(1) for details. The key input format unspecified by default. Unless the -preserve_dates option is supplied, it sets the validity start date to the current time and the end date to a value determined by the -days option. It sets the issuer name to the subject name (i.e., makes it self-issued) and changes the public key to the supplied value (unless overridden by -force_pubkey). This option cannot be used in conjunction with the -CA option. Unless -force_pubkey is given, the corresponding public key is placed in the new certificate or certificate request, resulting in a self-signature. This option provides the private key for signing a new certificate or certificate request. Names and values of these options are algorithm-specific. Pass options to the signature algorithm during verify operations. The input file format unspecified by default. The -ext option can be used to further restrict which extensions to copy. If arg is copy or copyall then all extensions are copied, except that subject identifier and authority key identifier extensions are not taken over when producing a certificate request. If arg is none or this option is not present then extensions are ignored. copy_extensions argĭetermines how to handle X.509 extensions when converting from a certificate to a request using the -x509toreq option or converting from a request to a certificate using the -req option. X.509 extensions to be added can be specified using the -extfile option. X.509 extensions included in the request are not copied by default. With this option a PKCS#10 certificate request is expected instead, which must be correctly self-signed. reqīy default a certificate is expected on input. X.509 extensions included in a certificate input are not copied by default. The -key (or -signkey) option must be used to provide the private key for self-signing the corresponding public key is placed in the subjectPKInfo field. Output a PKCS#10 certificate request (rather than a certificate). The public key to include can be given with the -force_pubkey option and defaults to the key given with the -key (or -signkey) option, which implies self-signature. Instead, the -subj option needs to be given. So the -in option must not be used in this case. Generate a certificate from scratch, not using an input certificate or certificate request. For more information about the format of arg see openssl-passphrase-options(1). The key and certificate file password source. This option cannot be combined with the -new flag. In both cases this defaults to standard input. This specifies the input to read a certificate from or the input file for reading a certificate request if the -req flag is used. OPTIONS Input, Output, and General Purpose Options -help Since there are a large number of options they will split up into various sections. It can be used to print certificate information, convert certificates to various forms, edit certificate trust settings, generate certificates from scratch or from certificating requests and then self-signing them or signing them like a "micro CA". This command is a multi-purposes certificate handling command. Openssl-x509 - Certificate display and signing command SYNOPSIS
0 Comments
Leave a Reply. |