summaryrefslogtreecommitdiffstats
path: root/secure/usr.bin/openssl/man/x509.1
diff options
context:
space:
mode:
Diffstat (limited to 'secure/usr.bin/openssl/man/x509.1')
-rw-r--r--secure/usr.bin/openssl/man/x509.1101
1 files changed, 50 insertions, 51 deletions
diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1
index 3238a83..34ea002 100644
--- a/secure/usr.bin/openssl/man/x509.1
+++ b/secure/usr.bin/openssl/man/x509.1
@@ -1,15 +1,7 @@
-.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
.\"
.\" Standard preamble:
.\" ========================================================================
-.de Sh \" Subsection heading
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
@@ -25,11 +17,11 @@
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. | will give a
-.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
-.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
-.\" expand to `' in nroff, nothing in troff, for use with C<>.
-.tr \(*W-|\(bv\*(Tr
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
@@ -48,22 +40,25 @@
. ds R" ''
'br\}
.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.if \nF \{\
+.ie \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
-.\"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.hy 0
-.if n .na
+.el \{\
+. de IX
+..
+.\}
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +124,11 @@
.\" ========================================================================
.\"
.IX Title "X509 1"
-.TH X509 1 "2010-03-24" "0.9.8n" "OpenSSL"
+.TH X509 1 "2010-11-16" "0.9.8p" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
.SH "NAME"
x509 \- Certificate display and signing utility
.SH "SYNOPSIS"
@@ -191,7 +190,7 @@ Since there are a large number of options they will split up into
various sections.
.SH "OPTIONS"
.IX Header "OPTIONS"
-.Sh "\s-1INPUT\s0, \s-1OUTPUT\s0 \s-1AND\s0 \s-1GENERAL\s0 \s-1PURPOSE\s0 \s-1OPTIONS\s0"
+.SS "\s-1INPUT\s0, \s-1OUTPUT\s0 \s-1AND\s0 \s-1GENERAL\s0 \s-1PURPOSE\s0 \s-1OPTIONS\s0"
.IX Subsection "INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS"
.IP "\fB\-inform DER|PEM|NET\fR" 4
.IX Item "-inform DER|PEM|NET"
@@ -225,7 +224,7 @@ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
-.Sh "\s-1DISPLAY\s0 \s-1OPTIONS\s0"
+.SS "\s-1DISPLAY\s0 \s-1OPTIONS\s0"
.IX Subsection "DISPLAY OPTIONS"
Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options
but are described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR section.
@@ -292,7 +291,7 @@ prints out the digest of the \s-1DER\s0 encoded version of the whole certificate
.IP "\fB\-C\fR" 4
.IX Item "-C"
this outputs the certificate in the form of a C source file.
-.Sh "\s-1TRUST\s0 \s-1SETTINGS\s0"
+.SS "\s-1TRUST\s0 \s-1SETTINGS\s0"
.IX Subsection "TRUST SETTINGS"
Please note these options are currently experimental and may well change.
.PP
@@ -349,14 +348,14 @@ option.
this option performs tests on the certificate extensions and outputs
the results. For a more complete description see the \fB\s-1CERTIFICATE\s0
\&\s-1EXTENSIONS\s0\fR section.
-.Sh "\s-1SIGNING\s0 \s-1OPTIONS\s0"
+.SS "\s-1SIGNING\s0 \s-1OPTIONS\s0"
.IX Subsection "SIGNING OPTIONS"
The \fBx509\fR utility can be used to sign certificates and requests: it
can thus behave like a \*(L"mini \s-1CA\s0\*(R".
.IP "\fB\-signkey filename\fR" 4
.IX Item "-signkey filename"
this option causes the input file to be self signed using the supplied
-private key.
+private key.
.Sp
If the input file is a certificate it sets the issuer name to the
subject name (i.e. makes it self signed) changes the public key to the
@@ -441,7 +440,7 @@ the section to add certificate extensions from. If this option is not
specified then the extensions should either be contained in the unnamed
(default) section or the default section should contain a variable called
\&\*(L"extensions\*(R" which contains the section to use.
-.Sh "\s-1NAME\s0 \s-1OPTIONS\s0"
+.SS "\s-1NAME\s0 \s-1OPTIONS\s0"
.IX Subsection "NAME OPTIONS"
The \fBnameopt\fR command line switch determines how the subject and issuer
names are displayed. If no \fBnameopt\fR switch is present the default \*(L"oneline\*(R"
@@ -552,7 +551,7 @@ align field values for a more readable output. Only usable with
.IX Item "space_eq"
places spaces round the \fB=\fR character which follows the field
name.
-.Sh "\s-1TEXT\s0 \s-1OPTIONS\s0"
+.SS "\s-1TEXT\s0 \s-1OPTIONS\s0"
.IX Subsection "TEXT OPTIONS"
As well as customising the name output format, it is also possible to
customise the actual fields printed using the \fBcertopt\fR options when
@@ -617,102 +616,102 @@ line.
Display the contents of a certificate:
.PP
.Vb 1
-\& openssl x509 -in cert.pem -noout -text
+\& openssl x509 \-in cert.pem \-noout \-text
.Ve
.PP
Display the certificate serial number:
.PP
.Vb 1
-\& openssl x509 -in cert.pem -noout -serial
+\& openssl x509 \-in cert.pem \-noout \-serial
.Ve
.PP
Display the certificate subject name:
.PP
.Vb 1
-\& openssl x509 -in cert.pem -noout -subject
+\& openssl x509 \-in cert.pem \-noout \-subject
.Ve
.PP
Display the certificate subject name in \s-1RFC2253\s0 form:
.PP
.Vb 1
-\& openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
+\& openssl x509 \-in cert.pem \-noout \-subject \-nameopt RFC2253
.Ve
.PP
Display the certificate subject name in oneline form on a terminal
supporting \s-1UTF8:\s0
.PP
.Vb 1
-\& openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb
+\& openssl x509 \-in cert.pem \-noout \-subject \-nameopt oneline,\-esc_msb
.Ve
.PP
Display the certificate \s-1MD5\s0 fingerprint:
.PP
.Vb 1
-\& openssl x509 -in cert.pem -noout -fingerprint
+\& openssl x509 \-in cert.pem \-noout \-fingerprint
.Ve
.PP
Display the certificate \s-1SHA1\s0 fingerprint:
.PP
.Vb 1
-\& openssl x509 -sha1 -in cert.pem -noout -fingerprint
+\& openssl x509 \-sha1 \-in cert.pem \-noout \-fingerprint
.Ve
.PP
Convert a certificate from \s-1PEM\s0 to \s-1DER\s0 format:
.PP
.Vb 1
-\& openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
+\& openssl x509 \-in cert.pem \-inform PEM \-out cert.der \-outform DER
.Ve
.PP
Convert a certificate to a certificate request:
.PP
.Vb 1
-\& openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem
+\& openssl x509 \-x509toreq \-in cert.pem \-out req.pem \-signkey key.pem
.Ve
.PP
Convert a certificate request into a self signed certificate using
extensions for a \s-1CA:\s0
.PP
.Vb 2
-\& openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \e
-\& -signkey key.pem -out cacert.pem
+\& openssl x509 \-req \-in careq.pem \-extfile openssl.cnf \-extensions v3_ca \e
+\& \-signkey key.pem \-out cacert.pem
.Ve
.PP
Sign a certificate request using the \s-1CA\s0 certificate above and add user
certificate extensions:
.PP
.Vb 2
-\& openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \e
-\& -CA cacert.pem -CAkey key.pem -CAcreateserial
+\& openssl x509 \-req \-in req.pem \-extfile openssl.cnf \-extensions v3_usr \e
+\& \-CA cacert.pem \-CAkey key.pem \-CAcreateserial
.Ve
.PP
Set a certificate to be trusted for \s-1SSL\s0 client use and change set its alias to
\&\*(L"Steve's Class 1 \s-1CA\s0\*(R"
.PP
.Vb 2
-\& openssl x509 -in cert.pem -addtrust clientAuth \e
-\& -setalias "Steve's Class 1 CA" -out trust.pem
+\& openssl x509 \-in cert.pem \-addtrust clientAuth \e
+\& \-setalias "Steve\*(Aqs Class 1 CA" \-out trust.pem
.Ve
.SH "NOTES"
.IX Header "NOTES"
The \s-1PEM\s0 format uses the header and footer lines:
.PP
.Vb 2
-\& -----BEGIN CERTIFICATE-----
-\& -----END CERTIFICATE-----
+\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
.Ve
.PP
it will also handle files containing:
.PP
.Vb 2
-\& -----BEGIN X509 CERTIFICATE-----
-\& -----END X509 CERTIFICATE-----
+\& \-\-\-\-\-BEGIN X509 CERTIFICATE\-\-\-\-\-
+\& \-\-\-\-\-END X509 CERTIFICATE\-\-\-\-\-
.Ve
.PP
Trusted certificates have the lines
.PP
.Vb 2
-\& -----BEGIN TRUSTED CERTIFICATE-----
-\& -----END TRUSTED CERTIFICATE-----
+\& \-\-\-\-\-BEGIN TRUSTED CERTIFICATE\-\-\-\-\-
+\& \-\-\-\-\-END TRUSTED CERTIFICATE\-\-\-\-\-
.Ve
.PP
The conversion to \s-1UTF8\s0 format used with the name options assumes that
@@ -817,7 +816,7 @@ if the keyUsage extension is present.
The extended key usage extension must be absent or include the \*(L"email
protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or must have the
S/MIME \s-1CA\s0 bit set: this is used as a work around if the basicConstraints
-extension is absent.
+extension is absent.
.IP "\fB\s-1CRL\s0 Signing\fR" 4
.IX Item "CRL Signing"
The keyUsage extension must be absent or it must have the \s-1CRL\s0 signing bit
OpenPOWER on IntegriCloud