X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=doc%2Fapps%2Fx509.pod;h=b127182bbbf11519025e8ac2bc7ad880af8cc00a;hp=52ac949b18816baf4b4572e032931d79c46712e7;hb=657e60fa00ddde3618600d6306be913214d30457;hpb=dd46d58f65bd3a342bbcd8586680942be643fc7d diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index 52ac949b18..b127182bbb 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -179,7 +179,7 @@ may be trusted for SSL client but not SSL server use. See the description of the B utility for more information on the meaning of trust settings. -Future versions of OpenSSL will recognise trust settings on any +Future versions of OpenSSL will recognize trust settings on any certificate: not just root CAs. @@ -311,8 +311,9 @@ The default filename consists of the CA certificate file base name with =item B<-CAcreateserial filename> with this option the CA serial number file is created if it does not exist: -it will contain the serial number "01". Normally if the B<-CA> option is -specified and the serial number file does not exist it is an error. +it will contain the serial number "02" and the certificate being signed will +have the 1 as its serial number. Normally if the B<-CA> option is specified +and the serial number file does not exist it is an error. =item B<-extfile filename> @@ -335,46 +336,46 @@ line. Display the contents of a certificate: - openssl x509 -in cert.pem -noout -text + openssl x509 -in cert.pem -noout -text Display the certificate serial number: - openssl x509 -in cert.pem -noout -serial + openssl x509 -in cert.pem -noout -serial Display the certificate MD5 fingerprint: - openssl x509 -in cert.pem -noout -fingerprint + openssl x509 -in cert.pem -noout -fingerprint Display the certificate SHA1 fingerprint: - openssl x509 -sha1 -in cert.pem -noout -fingerprint + openssl x509 -sha1 -in cert.pem -noout -fingerprint Convert a certificate from PEM to DER format: - openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER + openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER Convert a certificate to a certificate request: - openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem + openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem Convert a certificate request into a self signed certificate using extensions for a CA: - openssl x509 -req -in careq.pem -config openssl.cnf -extensions v3_ca \ - -signkey key.pem -out cacert.pem + openssl x509 -req -in careq.pem -config openssl.cnf -extensions v3_ca \ + -signkey key.pem -out cacert.pem Sign a certificate request using the CA certificate above and add user certificate extensions: - openssl x509 -req -in req.pem -config openssl.cnf -extensions v3_usr \ - -CA cacert.pem -CAkey key.pem -CAcreateserial + openssl x509 -req -in req.pem -config openssl.cnf -extensions v3_usr \ + -CA cacert.pem -CAkey key.pem -CAcreateserial Set a certificate to be trusted for SSL client use and change set its alias to "Steve's Class 1 CA" - openssl x509 -in cert.pem -addtrust sslclient \ - -alias "Steve's Class 1 CA" -out trust.pem + openssl x509 -in cert.pem -addtrust sslclient \ + -alias "Steve's Class 1 CA" -out trust.pem =head1 NOTES @@ -536,6 +537,7 @@ OpenSSL 0.9.5 and later. =head1 SEE ALSO -req(1), ca(1), genrsa(1), gendsa(1), verify(1) +L, L, L, +L, L =cut