Diffstat (limited to 'secure/usr.bin/openssl/man/ca.1')
-rw-r--r-- | secure/usr.bin/openssl/man/ca.1 | 113 |
1 files changed, 49 insertions, 64 deletions
diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1 index d4fd31a..e14eede 100644 --- a/secure/usr.bin/openssl/man/ca.1 +++ b/secure/usr.bin/openssl/man/ca.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- 
@@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "CA 1" -.TH CA 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH CA 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" ca \- sample minimal CA application .SH "SYNOPSIS" @@ -206,7 +205,7 @@ section for information on the required format. .IP "\fB\-infiles\fR" 4 .IX Item "-infiles" if present this should be the last option, all subsequent arguments -are assumed to the the names of files containing certificate requests. +are assumed to the the names of files containing certificate requests. .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" the output file to output certificates to. The default is standard 
@@ -380,7 +379,7 @@ include. If no \s-1CRL\s0 extension section is present then a V1 \s-1CRL\s0 is created, if the \s-1CRL\s0 extension section is present (even if it is empty) then a V2 \s-1CRL\s0 is created. The \s-1CRL\s0 extensions specified are \&\s-1CRL\s0 extensions and \fBnot\fR \s-1CRL\s0 entry extensions. It should be noted -that some software (for example Netscape) can't handle V2 CRLs. +that some software (for example Netscape) can't handle V2 CRLs. .SH "CONFIGURATION FILE OPTIONS" .IX Header "CONFIGURATION FILE OPTIONS" The section of the configuration file containing options for \fBca\fR @@ -407,7 +406,7 @@ any) used. This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. Each line of the file should consist of the numerical form of the object identifier followed by white space then the short name followed -by white space and finally the long name. +by white space and finally the long name. .IP "\fBoid_section\fR" 4 .IX Item "oid_section" This specifies a section in the configuration file containing extra @@ -433,7 +432,7 @@ an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). .IP "\fBdefault_days\fR" 4 .IX Item "default_days" the same as the \fB\-days\fR option. The number of days to certify -a certificate for. +a certificate for. .IP "\fBdefault_startdate\fR" 4 .IX Item "default_startdate" the same as the \fB\-startdate\fR option. The start date to certify 
@@ -561,31 +560,31 @@ demoCA/index.txt. Sign a certificate request: .PP .Vb 1 -\& openssl ca -in req.pem -out newcert.pem +\& openssl ca \-in req.pem \-out newcert.pem .Ve .PP Sign a certificate request, using \s-1CA\s0 extensions: .PP .Vb 1 -\& openssl ca -in req.pem -extensions v3_ca -out newcert.pem +\& openssl ca \-in req.pem \-extensions v3_ca \-out newcert.pem .Ve .PP Generate a \s-1CRL\s0 .PP .Vb 1 -\& openssl ca -gencrl -out crl.pem +\& openssl ca \-gencrl \-out crl.pem .Ve .PP Sign several requests: .PP .Vb 1 -\& openssl ca -infiles req1.pem req2.pem req3.pem +\& openssl ca \-infiles req1.pem req2.pem req3.pem .Ve .PP Certify a Netscape \s-1SPKAC:\s0 .PP .Vb 1 -\& openssl ca -spkac spkac.txt +\& openssl ca \-spkac spkac.txt .Ve .PP A sample \s-1SPKAC\s0 file (the \s-1SPKAC\s0 line has been truncated for clarity): 
@@ -603,43 +602,29 @@ A sample configuration file with the relevant sections for \fBca\fR: .Vb 2 \& [ ca ] \& default_ca = CA_default # The default ca section -.Ve -.PP -.Vb 1 +\& \& [ CA_default ] -.Ve -.PP -.Vb 3 +\& \& dir = ./demoCA # top dir \& database = $dir/index.txt # index file. \& new_certs_dir = $dir/newcerts # new certs dir -.Ve -.PP -.Vb 4 +\& \& certificate = $dir/cacert.pem # The CA cert \& serial = $dir/serial # serial no file \& private_key = $dir/private/cakey.pem# CA private key \& RANDFILE = $dir/private/.rand # random number file -.Ve -.PP -.Vb 3 +\& \& default_days = 365 # how long to certify for \& default_crl_days= 30 # how long before next CRL \& default_md = md5 # md to use -.Ve -.PP -.Vb 2 +\& \& policy = policy_any # default policy -\& email_in_dn = no # Don't add the email into cert DN -.Ve -.PP -.Vb 3 +\& email_in_dn = no # Don\*(Aqt add the email into cert DN +\& \& name_opt = ca_default # Subject name display option \& cert_opt = ca_default # Certificate display option -\& copy_extensions = none # Don't copy extensions from request -.Ve -.PP -.Vb 7 +\& copy_extensions = none # Don\*(Aqt copy extensions from request +\& \& [ policy_any ] \& countryName = supplied \& stateOrProvinceName = optional 
@@ -655,16 +640,16 @@ configuration file entries, environment variables or command line options. The values below reflect the default values. .PP .Vb 10 -\& /usr/local/ssl/lib/openssl.cnf - master configuration file -\& ./demoCA - main CA directory -\& ./demoCA/cacert.pem - CA certificate -\& ./demoCA/private/cakey.pem - CA private key -\& ./demoCA/serial - CA serial number file -\& ./demoCA/serial.old - CA serial number backup file -\& ./demoCA/index.txt - CA text database file -\& ./demoCA/index.txt.old - CA text database backup file -\& ./demoCA/certs - certificate output file -\& ./demoCA/.rnd - CA random seed information +\& /usr/local/ssl/lib/openssl.cnf \- master configuration file +\& ./demoCA \- main CA directory +\& ./demoCA/cacert.pem \- CA certificate +\& ./demoCA/private/cakey.pem \- CA private key +\& ./demoCA/serial \- CA serial number file +\& ./demoCA/serial.old \- CA serial number backup file +\& ./demoCA/index.txt \- CA text database file +\& ./demoCA/index.txt.old \- CA text database backup file +\& ./demoCA/certs \- certificate output file +\& ./demoCA/.rnd \- CA random seed information .Ve .SH "ENVIRONMENT VARIABLES" .IX Header "ENVIRONMENT VARIABLES" |
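Review bot: In the hunk at @@ -206,7 +205,7 @@, the -infiles description still reads "are assumed to the the names of files containing certificate requests." The removed and added lines carry the same wording, so the doubled "the" survives this regeneration. It should read "are assumed to be the names of files", and because the header marks ca.1 as generated by Pod::Man, the correction belongs in the POD source rather than in this file.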
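Review bot: In the hunk at @@ -603,43 +602,29 @@, the sample configuration keeps "default_md = md5 # md to use" as an unchanged line while the surrounding verbatim blocks are merged. MD5 is not collision resistant and should not be the digest a CA example signs certificates with; suggest changing the sample in the POD source to "default_md = sha256" (or at minimum sha1), so that a configuration copied from the man page does not issue MD5-signed certificates.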
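Review bot: In the hunk at @@ -655,16 +640,16 @@, the FILES list gives "./demoCA/.rnd" as the random seed file and "./demoCA/certs" as the certificate output location, while the sample configuration in the preceding hunk sets "RANDFILE = $dir/private/.rand" and "new_certs_dir = $dir/newcerts". The list is introduced as the default values, so the two are not strictly in conflict, but a reader comparing them cannot tell which paths a stock setup uses. Suggest either aligning the sample with the listed defaults or adding a sentence that the sample overrides them.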