Lines Matching refs:certificate
64 to sign certificate requests in a variety of forms and generate
95 An input filename containing a single certificate request to be
100 A single self-signed certificate to be signed by the CA.
111 are taken as the names of files containing certificate requests.
116 output. The certificate details will also be printed out to this
121 The directory to output certificates to. The certificate will be
127 The CA certificate file.
152 the certificate requests were signed with (given with B<-keyfile>).
158 certificate appears among the entries in the certificate database
161 self-signed certificate.
170 Don't output the text form of a certificate to the output file.
188 The number of days to certify the certificate for.
201 or match the CA certificate. Check out the B<POLICY FORMAT> section
207 the IE certificate enrollment control "certenr3". It used UniversalStrings
213 Normally the DN order of a certificate is the same as the order of the
221 The DN of a certificate can contain the EMAIL field if present in the
223 the altName extension of the certificate. When this option is set the
224 EMAIL field is removed from the certificate' subject and set only in
235 The section of the configuration file containing certificate extensions
236 to be added when a certificate is issued (defaults to B<x509_extensions>
238 present then, a V1 certificate is created. If the extension section
239 is present (even if it is empty), then a V3 certificate is created. See the
245 An additional configuration file to read certificate extensions from
262 in the resulting certificate.
327 A filename containing a certificate to revoke.
331 A filename containing a certificate to add a Valid certificate entry.
335 Displays the revocation status of the certificate with the specified
425 =item B<certificate>
428 certificate. Mandatory.
443 a certificate for.
448 a certificate for. If not set the current time is used.
474 If the value B<yes> is given, the valid certificate entries in the
476 several valid certificate entries may have the exact same subject.
478 versions of OpenSSL. However, to make CA certificate roll-over easier,
512 from the DN of the certificate simply set this to 'no'. If not present
513 the default is to allow for the EMAIL filed in the certificate's DN.
526 These options allow the format used to display the certificate details
530 and cannot be disabled (this is because the certificate signature cannot
531 be displayed because the certificate has not been signed at this point).
543 Determines how extensions in certificate requests should be handled.
545 ignored and not copied to the certificate. If set to B<copy> then any
547 to the certificate. If set to B<copyall> then all extensions in the
548 request are copied to the certificate: if the extension is already present
549 in the certificate it is deleted first. See the B<WARNINGS> section before
552 The main use of this option is to allow a certificate request to supply
560 certificate DN fields. If the value is "match" then the field value
561 must match the same field in the CA certificate. If the value is
587 involves creating a CA certificate and private key with B<req>, a
593 certificate would be copied to demoCA/cacert.pem and its private
599 Sign a certificate request:
603 Sign a certificate request, using CA extensions:
638 certificate = $dir/cacert.pem # The CA cert
671 ./demoCA/cacert.pem - CA certificate
677 ./demoCA/certs - certificate output file
690 possible to include one SPKAC or self-signed certificate.
710 Canceling some commands by refusing to certify a certificate can
726 not taken then it can be a security risk. For example if a certificate
729 this when the certificate is displayed then this will hand the requester
730 a valid CA certificate.
740 Additional restrictions can be placed on the CA certificate itself.
741 For example if the CA certificate has:
745 then even if a certificate is issued with CA:TRUE it will not be valid.
750 certificate validity period (specified by any of B<-startdate>,