X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=doc%2Fapps%2Fx509.pod;h=2b3cf286104f9defa7dee841344e1a8766fed3b5;hp=0b53fb1cf88ab6069d86e25c42527a283b7e89ef;hb=12bdb643756d829569bb903e5b806613ff975ccb;hpb=a8c125550ca0714b5f7eeb8f7e6e6a06b356fb64 diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index 0b53fb1cf8..2b3cf28610 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -17,6 +17,8 @@ B B [B<-out filename>] [B<-serial>] [B<-hash>] +[B<-subject_hash>] +[B<-issuer_hash>] [B<-subject>] [B<-issuer>] [B<-nameopt option>] @@ -50,6 +52,7 @@ B B [B<-clrext>] [B<-extfile filename>] [B<-extensions section>] +[B<-engine id>] =head1 DESCRIPTION @@ -61,8 +64,9 @@ certificate trust settings. Since there are a large number of options they will split up into various sections. +=head1 OPTIONS -=head1 INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS +=head2 INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS =over 4 @@ -94,16 +98,22 @@ default. the digest to use. This affects any signing or display option that uses a message digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not -specified then MD5 is used. If the key being used to sign with is a DSA key then -this option has no effect: SHA1 is always used with DSA keys. +specified then SHA1 is used. If the key being used to sign with is a DSA key +then this option has no effect: SHA1 is always used with DSA keys. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. =back -=head1 DISPLAY OPTIONS +=head2 DISPLAY OPTIONS Note: the B<-alias> and B<-purpose> options are also display options -but are described in the B section. +but are described in the B section. =over 4 @@ -133,12 +143,20 @@ contained in the certificate. outputs the certificate serial number. -=item B<-hash> +=item B<-subject_hash> outputs the "hash" of the certificate subject name. This is used in OpenSSL to form an index to allow certificates in a directory to be looked up by subject name. +=item B<-issuer_hash> + +outputs the "hash" of the certificate issuer name. + +=item B<-hash> + +synonym for "-hash" for backward compatibility reasons. + =item B<-subject> outputs the subject name. @@ -181,7 +199,7 @@ this outputs the certificate in the form of a C source file. =back -=head1 TRUST SETTINGS +=head2 TRUST SETTINGS Please note these options are currently experimental and may well change. @@ -252,7 +270,7 @@ EXTENSIONS> section. =back -=head1 SIGNING OPTIONS +=head2 SIGNING OPTIONS The B utility can be used to sign certificates and requests: it can thus behave like a "mini CA". @@ -362,7 +380,7 @@ specified then the extensions should either be contained in the unnamed =back -=head1 NAME OPTIONS +=head2 NAME OPTIONS The B command line switch determines how the subject and issuer names are displayed. If no B switch is present the default "oneline" @@ -499,7 +517,7 @@ name. =back -=head1 TEXT OPTIONS +=head2 TEXT OPTIONS As well as customising the name output format, it is also possible to customise the actual fields printed using the B options when @@ -636,8 +654,8 @@ certificate extensions: Set a certificate to be trusted for SSL client use and change set its alias to "Steve's Class 1 CA" - openssl x509 -in cert.pem -addtrust sslclient \ - -alias "Steve's Class 1 CA" -out trust.pem + openssl x509 -in cert.pem -addtrust clientAuth \ + -setalias "Steve's Class 1 CA" -out trust.pem =head1 NOTES