Lines Matching refs:certificate

58 The B<verify> command verifies certificate chains.
77 form ("hash" is the hashed certificate subject name: see the B<-hash> option
102 the last certificate in a chain if the certificate is supposedly self-signed.
104 certificate with key usage restrictions not including the keyCertSign bit.
115 Attempt to download CRL information for this certificate.
119 Checks end entity certificate validity by attempting to look up a valid CRL.
148 supported by OpenSSL the certificate is rejected (as required by RFC5280).
176 trusted certificate that might not be self-signed.
186 Enables certificate policy processing.
194 The intended use for the certificate. If this option is not specified,
195 B<verify> will not consider certificate purpose during chain verification.
210 When constructing the certificate chain, use the trusted certificates specified
218 By default, unless B<-trusted_first> is specified, when building a certificate
219 chain, if the first certificate chain found is not trusted, then OpenSSL will
228 to construct a certificate chain from the subject certificate to a trust-anchor.
238 With this option, no additional (e.g., default) certificate lists are
257 Set the certificate chain authentication security level to B<level>.
259 public key strength when verifying certificate chains.
260 For a certificate chain to validate, the public keys of all the certificates
275 Limit the certificate chain to B<num> intermediate CA certificates.
277 end-entity certificate nor the trust-anchor certificate count against the
288 Common Name in the subject certificate.
293 the subject certificate.
297 Use default verification policies like trust model and required certificate
300 to verifying the given certificate chain.
318 Display information about the certificate chain that has been built (if
325 certificate files. This is useful if the first certificate filename begins
331 will attempt to read a certificate from standard input. Certificates must be
345 first error. This allows all the problems with a certificate chain to be
350 Firstly a certificate chain is built up starting from the supplied certificate
353 The chain is built up by looking up the issuers certificate of the current
354 certificate.
355 If a certificate is found which is its own issuer it is assumed to be the root
358 The process of 'looking up the issuers certificate' itself involves a number of
361 certificate are subject to further tests.
362 The relevant authority key identifier components of the current certificate (if
365 the candidate issuer (if present) must permit certificate signing.
369 is always looked up in the trusted certificate list: if the certificate to
370 verify is a root certificate then an exact match must be found in the trusted
373 The second operation is to check every untrusted certificate's extensions for
375 then no checks are done. The supplied or "leaf" certificate must have extensions
382 For compatibility with previous versions of OpenSSL, a certificate with no
385 The final operation is to check the validity of the certificate chain.
386 For each element in the chain, including the root CA certificate,
390 The certificate signature is checked as well
391 (except for the signature of the typically self-signed root CA certificate,
394 If all operations complete successfully then certificate is considered valid. If
395 any operation fails then the certificate is not valid.
403  error 24 at 1 depth lookup:invalid CA certificate
405 The first line contains the name of the certificate being verified followed by
406 the subject name of the certificate. The second line contains the error number
407 and the depth. The depth is number of the certificate being verified when a
408 problem was detected starting with zero for the certificate being verified itself
409 then 1 for the CA that signed the certificate and so on. Finally a text version
429 The issuer certificate of a looked up certificate could not be found. This
434 The CRL of a certificate could not be found.
438 The certificate signature could not be decrypted. This means that the
450 The public key in the certificate SubjectPublicKeyInfo could not be read.
454 The signature of the certificate is invalid.
458 The signature of the certificate is invalid.
462 The certificate is not yet valid: the notBefore date is after the
467 The certificate has expired: that is the notAfter date is before the
480 The certificate notBefore field contains an invalid time.
484 The certificate notAfter field contains an invalid time.
500 The passed certificate is self-signed and the same certificate cannot
505 The certificate chain could be built up using the untrusted certificates
510 The issuer certificate could not be found: this occurs if the issuer
511 certificate of an untrusted certificate cannot be found.
516 certificate and it is not self signed.
520 The certificate chain length is greater than the supplied maximum
525 The certificate has been revoked.
529 A CA certificate is invalid. Either it is not a CA or its extensions
538 The supplied certificate cannot be used for the specified purpose.
570 Unable to get CRL issuer certificate.
586 Invalid non-CA certificate has CA markings.
594 Proxy certificate subject is invalid.  It MUST be the same as the issuer
607 Invalid or inconsistent certificate extension.
611 Invalid or inconsistent certificate policy extension.
667 Suite B: certificate version invalid.
704 certificate chain.
709 EE certificate key too weak.
713 CA certificate key too weak.
721 nvalid certificate verification context.
725 Issuer certificate lookup error.
745 Returned by the verify callback to indicate that the certificate is not recognized