| 1 |
|
.\" $MidnightBSD$ |
| 2 |
< |
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) |
| 2 |
> |
.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) |
| 3 |
|
.\" |
| 4 |
|
.\" Standard preamble: |
| 5 |
|
.\" ======================================================================== |
| 47 |
|
.ie \n(.g .ds Aq \(aq |
| 48 |
|
.el .ds Aq ' |
| 49 |
|
.\" |
| 50 |
< |
.\" If the F register is turned on, we'll generate index entries on stderr for |
| 50 |
> |
.\" If the F register is >0, we'll generate index entries on stderr for |
| 51 |
|
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index |
| 52 |
|
.\" entries marked with X<> in POD. Of course, you'll have to process the |
| 53 |
|
.\" output yourself in some meaningful fashion. |
| 55 |
|
.\" Avoid warning from groff about undefined register 'F'. |
| 56 |
|
.de IX |
| 57 |
|
.. |
| 58 |
< |
.nr rF 0 |
| 59 |
< |
.if \n(.g .if rF .nr rF 1 |
| 60 |
< |
.if (\n(rF:(\n(.g==0)) \{ |
| 61 |
< |
. if \nF \{ |
| 62 |
< |
. de IX |
| 63 |
< |
. tm Index:\\$1\t\\n%\t"\\$2" |
| 58 |
> |
.if !\nF .nr F 0 |
| 59 |
> |
.if \nF>0 \{\ |
| 60 |
> |
. de IX |
| 61 |
> |
. tm Index:\\$1\t\\n%\t"\\$2" |
| 62 |
|
.. |
| 63 |
< |
. if !\nF==2 \{ |
| 64 |
< |
. nr % 0 |
| 65 |
< |
. nr F 2 |
| 68 |
< |
. \} |
| 63 |
> |
. if !\nF==2 \{\ |
| 64 |
> |
. nr % 0 |
| 65 |
> |
. nr F 2 |
| 66 |
|
. \} |
| 67 |
|
.\} |
| 71 |
– |
.rr rF |
| 68 |
|
.\" |
| 69 |
|
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). |
| 70 |
|
.\" Fear. Run. Save yourself. No user-serviceable parts. |
| 130 |
|
.\" ======================================================================== |
| 131 |
|
.\" |
| 132 |
|
.IX Title "CA 1" |
| 133 |
< |
.TH CA 1 "2016-09-22" "1.0.1u" "OpenSSL" |
| 133 |
> |
.TH CA 1 "2018-11-20" "1.0.2q" "OpenSSL" |
| 134 |
|
.\" For nroff, turn off justification. Always turn off hyphenation; it makes |
| 135 |
|
.\" way too many mistakes in technical documents. |
| 136 |
|
.if n .ad l |
| 137 |
|
.nh |
| 138 |
|
.SH "NAME" |
| 139 |
+ |
openssl\-ca, |
| 140 |
|
ca \- sample minimal CA application |
| 141 |
|
.SH "SYNOPSIS" |
| 142 |
|
.IX Header "SYNOPSIS" |
| 267 |
|
.IP "\fB\-startdate date\fR" 4 |
| 268 |
|
.IX Item "-startdate date" |
| 269 |
|
this allows the start date to be explicitly set. The format of the |
| 270 |
< |
date is \s-1YYMMDDHHMMSSZ \s0(the same as an \s-1ASN1\s0 UTCTime structure). |
| 270 |
> |
date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure). |
| 271 |
|
.IP "\fB\-enddate date\fR" 4 |
| 272 |
|
.IX Item "-enddate date" |
| 273 |
|
this allows the expiry date to be explicitly set. The format of the |
| 274 |
< |
date is \s-1YYMMDDHHMMSSZ \s0(the same as an \s-1ASN1\s0 UTCTime structure). |
| 274 |
> |
date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure). |
| 275 |
|
.IP "\fB\-days arg\fR" 4 |
| 276 |
|
.IX Item "-days arg" |
| 277 |
|
the number of days to certify the certificate for. |
| 281 |
|
This option also applies to CRLs. |
| 282 |
|
.IP "\fB\-policy arg\fR" 4 |
| 283 |
|
.IX Item "-policy arg" |
| 284 |
< |
this option defines the \s-1CA \s0\*(L"policy\*(R" to use. This is a section in |
| 284 |
> |
this option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in |
| 285 |
|
the configuration file which decides which fields should be mandatory |
| 286 |
|
or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY FORMAT\s0\fR section |
| 287 |
|
for more information. |
| 414 |
|
of the configuration file (or in the default section of the |
| 415 |
|
configuration file). Besides \fBdefault_ca\fR, the following options are |
| 416 |
|
read directly from the \fBca\fR section: |
| 417 |
< |
\s-1RANDFILE |
| 418 |
< |
\&\s0 preserve |
| 417 |
> |
\s-1RANDFILE\s0 |
| 418 |
> |
preserve |
| 419 |
|
msie_hack |
| 420 |
|
With the exception of \fB\s-1RANDFILE\s0\fR, this is probably a bug and may |
| 421 |
|
change in future releases. |
| 488 |
|
versions of OpenSSL. However, to make \s-1CA\s0 certificate roll-over easier, |
| 489 |
|
it's recommended to use the value \fBno\fR, especially if combined with |
| 490 |
|
the \fB\-selfsign\fR command line option. |
| 491 |
+ |
.Sp |
| 492 |
+ |
Note that it is valid in some circumstances for certificates to be created |
| 493 |
+ |
without any subject. In the case where there are multiple certificates without |
| 494 |
+ |
subjects this does not count as a duplicate. |
| 495 |
|
.IP "\fBserial\fR" 4 |
| 496 |
|
.IX Item "serial" |
| 497 |
|
a text file containing the next serial number to use in hex. Mandatory. |
