1 |
|
.\" $MidnightBSD$ |
2 |
< |
.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) |
2 |
> |
.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) |
3 |
|
.\" |
4 |
|
.\" Standard preamble: |
5 |
|
.\" ======================================================================== |
47 |
|
.ie \n(.g .ds Aq \(aq |
48 |
|
.el .ds Aq ' |
49 |
|
.\" |
50 |
< |
.\" If the F register is turned on, we'll generate index entries on stderr for |
50 |
> |
.\" If the F register is >0, we'll generate index entries on stderr for |
51 |
|
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index |
52 |
|
.\" entries marked with X<> in POD. Of course, you'll have to process the |
53 |
|
.\" output yourself in some meaningful fashion. |
55 |
|
.\" Avoid warning from groff about undefined register 'F'. |
56 |
|
.de IX |
57 |
|
.. |
58 |
< |
.nr rF 0 |
59 |
< |
.if \n(.g .if rF .nr rF 1 |
60 |
< |
.if (\n(rF:(\n(.g==0)) \{ |
61 |
< |
. if \nF \{ |
62 |
< |
. de IX |
63 |
< |
. tm Index:\\$1\t\\n%\t"\\$2" |
58 |
> |
.if !\nF .nr F 0 |
59 |
> |
.if \nF>0 \{\ |
60 |
> |
. de IX |
61 |
> |
. tm Index:\\$1\t\\n%\t"\\$2" |
62 |
|
.. |
63 |
< |
. if !\nF==2 \{ |
64 |
< |
. nr % 0 |
65 |
< |
. nr F 2 |
68 |
< |
. \} |
63 |
> |
. if !\nF==2 \{\ |
64 |
> |
. nr % 0 |
65 |
> |
. nr F 2 |
66 |
|
. \} |
67 |
|
.\} |
71 |
– |
.rr rF |
68 |
|
.\" |
69 |
|
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). |
70 |
|
.\" Fear. Run. Save yourself. No user-serviceable parts. |
130 |
|
.\" ======================================================================== |
131 |
|
.\" |
132 |
|
.IX Title "CA 1" |
133 |
< |
.TH CA 1 "2016-09-22" "1.0.1u" "OpenSSL" |
133 |
> |
.TH CA 1 "2018-11-20" "1.0.2q" "OpenSSL" |
134 |
|
.\" For nroff, turn off justification. Always turn off hyphenation; it makes |
135 |
|
.\" way too many mistakes in technical documents. |
136 |
|
.if n .ad l |
137 |
|
.nh |
138 |
|
.SH "NAME" |
139 |
+ |
openssl\-ca, |
140 |
|
ca \- sample minimal CA application |
141 |
|
.SH "SYNOPSIS" |
142 |
|
.IX Header "SYNOPSIS" |
267 |
|
.IP "\fB\-startdate date\fR" 4 |
268 |
|
.IX Item "-startdate date" |
269 |
|
this allows the start date to be explicitly set. The format of the |
270 |
< |
date is \s-1YYMMDDHHMMSSZ \s0(the same as an \s-1ASN1\s0 UTCTime structure). |
270 |
> |
date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure). |
271 |
|
.IP "\fB\-enddate date\fR" 4 |
272 |
|
.IX Item "-enddate date" |
273 |
|
this allows the expiry date to be explicitly set. The format of the |
274 |
< |
date is \s-1YYMMDDHHMMSSZ \s0(the same as an \s-1ASN1\s0 UTCTime structure). |
274 |
> |
date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure). |
275 |
|
.IP "\fB\-days arg\fR" 4 |
276 |
|
.IX Item "-days arg" |
277 |
|
the number of days to certify the certificate for. |
281 |
|
This option also applies to CRLs. |
282 |
|
.IP "\fB\-policy arg\fR" 4 |
283 |
|
.IX Item "-policy arg" |
284 |
< |
this option defines the \s-1CA \s0\*(L"policy\*(R" to use. This is a section in |
284 |
> |
this option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in |
285 |
|
the configuration file which decides which fields should be mandatory |
286 |
|
or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY FORMAT\s0\fR section |
287 |
|
for more information. |
414 |
|
of the configuration file (or in the default section of the |
415 |
|
configuration file). Besides \fBdefault_ca\fR, the following options are |
416 |
|
read directly from the \fBca\fR section: |
417 |
< |
\s-1RANDFILE |
418 |
< |
\&\s0 preserve |
417 |
> |
\s-1RANDFILE\s0 |
418 |
> |
preserve |
419 |
|
msie_hack |
420 |
|
With the exception of \fB\s-1RANDFILE\s0\fR, this is probably a bug and may |
421 |
|
change in future releases. |
488 |
|
versions of OpenSSL. However, to make \s-1CA\s0 certificate roll-over easier, |
489 |
|
it's recommended to use the value \fBno\fR, especially if combined with |
490 |
|
the \fB\-selfsign\fR command line option. |
491 |
+ |
.Sp |
492 |
+ |
Note that it is valid in some circumstances for certificates to be created |
493 |
+ |
without any subject. In the case where there are multiple certificates without |
494 |
+ |
subjects this does not count as a duplicate. |
495 |
|
.IP "\fBserial\fR" 4 |
496 |
|
.IX Item "serial" |
497 |
|
a text file containing the next serial number to use in hex. Mandatory. |