1 2=pod 3 4=head1 NAME 5 6x509 - Certificate display and signing utility 7 8=head1 SYNOPSIS 9 10B<openssl> B<x509> 11[B<-inform DER|PEM|NET>] 12[B<-outform DER|PEM|NET>] 13[B<-keyform DER|PEM>] 14[B<-CAform DER|PEM>] 15[B<-CAkeyform DER|PEM>] 16[B<-in filename>] 17[B<-out filename>] 18[B<-serial>] 19[B<-hash>] 20[B<-subject_hash>] 21[B<-issuer_hash>] 22[B<-ocspid>] 23[B<-subject>] 24[B<-issuer>] 25[B<-nameopt option>] 26[B<-email>] 27[B<-ocsp_uri>] 28[B<-startdate>] 29[B<-enddate>] 30[B<-purpose>] 31[B<-dates>] 32[B<-checkend num>] 33[B<-modulus>] 34[B<-pubkey>] 35[B<-fingerprint>] 36[B<-alias>] 37[B<-noout>] 38[B<-trustout>] 39[B<-clrtrust>] 40[B<-clrreject>] 41[B<-addtrust arg>] 42[B<-addreject arg>] 43[B<-setalias arg>] 44[B<-days arg>] 45[B<-set_serial n>] 46[B<-signkey filename>] 47[B<-passin arg>] 48[B<-x509toreq>] 49[B<-req>] 50[B<-CA filename>] 51[B<-CAkey filename>] 52[B<-CAcreateserial>] 53[B<-CAserial filename>] 54[B<-force_pubkey key>] 55[B<-text>] 56[B<-certopt option>] 57[B<-C>] 58[B<-md2|-md5|-sha1|-mdc2>] 59[B<-clrext>] 60[B<-extfile filename>] 61[B<-extensions section>] 62[B<-engine id>] 63 64=head1 DESCRIPTION 65 66The B<x509> command is a multi purpose certificate utility. It can be 67used to display certificate information, convert certificates to 68various forms, sign certificate requests like a "mini CA" or edit 69certificate trust settings. 70 71Since there are a large number of options they will split up into 72various sections. 73 74=head1 OPTIONS 75 76=head2 INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS 77 78=over 4 79 80=item B<-inform DER|PEM|NET> 81 82This specifies the input format normally the command will expect an X509 83certificate but this can change if other options such as B<-req> are 84present. The DER format is the DER encoding of the certificate and PEM 85is the base64 encoding of the DER encoding with header and footer lines 86added. The NET option is an obscure Netscape server format that is now 87obsolete. 88 89=item B<-outform DER|PEM|NET> 90 91This specifies the output format, the options have the same meaning as the 92B<-inform> option. 93 94=item B<-in filename> 95 96This specifies the input filename to read a certificate from or standard input 97if this option is not specified. 98 99=item B<-out filename> 100 101This specifies the output filename to write to or standard output by 102default. 103 104=item B<-md2|-md5|-sha1|-mdc2> 105 106the digest to use. This affects any signing or display option that uses a message 107digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not 108specified then SHA1 is used. If the key being used to sign with is a DSA key 109then this option has no effect: SHA1 is always used with DSA keys. 110 111=item B<-engine id> 112 113specifying an engine (by its unique B<id> string) will cause B<x509> 114to attempt to obtain a functional reference to the specified engine, 115thus initialising it if needed. The engine will then be set as the default 116for all available algorithms. 117 118=back 119 120=head2 DISPLAY OPTIONS 121 122Note: the B<-alias> and B<-purpose> options are also display options 123but are described in the B<TRUST SETTINGS> section. 124 125=over 4 126 127=item B<-text> 128 129prints out the certificate in text form. Full details are output including the 130public key, signature algorithms, issuer and subject names, serial number 131any extensions present and any trust settings. 132 133=item B<-certopt option> 134 135customise the output format used with B<-text>. The B<option> argument can be 136a single option or multiple options separated by commas. The B<-certopt> switch 137may be also be used more than once to set multiple options. See the B<TEXT OPTIONS> 138section for more information. 139 140=item B<-noout> 141 142this option prevents output of the encoded version of the request. 143 144=item B<-pubkey> 145 146outputs the the certificate's SubjectPublicKeyInfo block in PEM format. 147 148=item B<-modulus> 149 150this option prints out the value of the modulus of the public key 151contained in the certificate. 152 153=item B<-serial> 154 155outputs the certificate serial number. 156 157=item B<-subject_hash> 158 159outputs the "hash" of the certificate subject name. This is used in OpenSSL to 160form an index to allow certificates in a directory to be looked up by subject 161name. 162 163=item B<-issuer_hash> 164 165outputs the "hash" of the certificate issuer name. 166 167=item B<-ocspid> 168 169outputs the OCSP hash values for the subject name and public key. 170 171=item B<-hash> 172 173synonym for "-subject_hash" for backward compatibility reasons. 174 175=item B<-subject_hash_old> 176 177outputs the "hash" of the certificate subject name using the older algorithm 178as used by OpenSSL versions before 1.0.0. 179 180=item B<-issuer_hash_old> 181 182outputs the "hash" of the certificate issuer name using the older algorithm 183as used by OpenSSL versions before 1.0.0. 184 185=item B<-subject> 186 187outputs the subject name. 188 189=item B<-issuer> 190 191outputs the issuer name. 192 193=item B<-nameopt option> 194 195option which determines how the subject or issuer names are displayed. The 196B<option> argument can be a single option or multiple options separated by 197commas. Alternatively the B<-nameopt> switch may be used more than once to 198set multiple options. See the B<NAME OPTIONS> section for more information. 199 200=item B<-email> 201 202outputs the email address(es) if any. 203 204=item B<-ocsp_uri> 205 206outputs the OCSP responder address(es) if any. 207 208=item B<-startdate> 209 210prints out the start date of the certificate, that is the notBefore date. 211 212=item B<-enddate> 213 214prints out the expiry date of the certificate, that is the notAfter date. 215 216=item B<-dates> 217 218prints out the start and expiry dates of a certificate. 219 220=item B<-checkend arg> 221 222checks if the certificate expires within the next B<arg> seconds and exits 223non-zero if yes it will expire or zero if not. 224 225=item B<-fingerprint> 226 227prints out the digest of the DER encoded version of the whole certificate 228(see digest options). 229 230=item B<-C> 231 232this outputs the certificate in the form of a C source file. 233 234=back 235 236=head2 TRUST SETTINGS 237 238Please note these options are currently experimental and may well change. 239 240A B<trusted certificate> is an ordinary certificate which has several 241additional pieces of information attached to it such as the permitted 242and prohibited uses of the certificate and an "alias". 243 244Normally when a certificate is being verified at least one certificate 245must be "trusted". By default a trusted certificate must be stored 246locally and must be a root CA: any certificate chain ending in this CA 247is then usable for any purpose. 248 249Trust settings currently are only used with a root CA. They allow a finer 250control over the purposes the root CA can be used for. For example a CA 251may be trusted for SSL client but not SSL server use. 252 253See the description of the B<verify> utility for more information on the 254meaning of trust settings. 255 256Future versions of OpenSSL will recognize trust settings on any 257certificate: not just root CAs. 258 259 260=over 4 261 262=item B<-trustout> 263 264this causes B<x509> to output a B<trusted> certificate. An ordinary 265or trusted certificate can be input but by default an ordinary 266certificate is output and any trust settings are discarded. With the 267B<-trustout> option a trusted certificate is output. A trusted 268certificate is automatically output if any trust settings are modified. 269 270=item B<-setalias arg> 271 272sets the alias of the certificate. This will allow the certificate 273to be referred to using a nickname for example "Steve's Certificate". 274 275=item B<-alias> 276 277outputs the certificate alias, if any. 278 279=item B<-clrtrust> 280 281clears all the permitted or trusted uses of the certificate. 282 283=item B<-clrreject> 284 285clears all the prohibited or rejected uses of the certificate. 286 287=item B<-addtrust arg> 288 289adds a trusted certificate use. Any object name can be used here 290but currently only B<clientAuth> (SSL client use), B<serverAuth> 291(SSL server use) and B<emailProtection> (S/MIME email) are used. 292Other OpenSSL applications may define additional uses. 293 294=item B<-addreject arg> 295 296adds a prohibited use. It accepts the same values as the B<-addtrust> 297option. 298 299=item B<-purpose> 300 301this option performs tests on the certificate extensions and outputs 302the results. For a more complete description see the B<CERTIFICATE 303EXTENSIONS> section. 304 305=back 306 307=head2 SIGNING OPTIONS 308 309The B<x509> utility can be used to sign certificates and requests: it 310can thus behave like a "mini CA". 311 312=over 4 313 314=item B<-signkey filename> 315 316this option causes the input file to be self signed using the supplied 317private key. 318 319If the input file is a certificate it sets the issuer name to the 320subject name (i.e. makes it self signed) changes the public key to the 321supplied value and changes the start and end dates. The start date is 322set to the current time and the end date is set to a value determined 323by the B<-days> option. Any certificate extensions are retained unless 324the B<-clrext> option is supplied. 325 326If the input is a certificate request then a self signed certificate 327is created using the supplied private key using the subject name in 328the request. 329 330=item B<-passin arg> 331 332the key password source. For more information about the format of B<arg> 333see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 334 335=item B<-clrext> 336 337delete any extensions from a certificate. This option is used when a 338certificate is being created from another certificate (for example with 339the B<-signkey> or the B<-CA> options). Normally all extensions are 340retained. 341 342=item B<-keyform PEM|DER> 343 344specifies the format (DER or PEM) of the private key file used in the 345B<-signkey> option. 346 347=item B<-days arg> 348 349specifies the number of days to make a certificate valid for. The default 350is 30 days. 351 352=item B<-x509toreq> 353 354converts a certificate into a certificate request. The B<-signkey> option 355is used to pass the required private key. 356 357=item B<-req> 358 359by default a certificate is expected on input. With this option a 360certificate request is expected instead. 361 362=item B<-set_serial n> 363 364specifies the serial number to use. This option can be used with either 365the B<-signkey> or B<-CA> options. If used in conjunction with the B<-CA> 366option the serial number file (as specified by the B<-CAserial> or 367B<-CAcreateserial> options) is not used. 368 369The serial number can be decimal or hex (if preceded by B<0x>). Negative 370serial numbers can also be specified but their use is not recommended. 371 372=item B<-CA filename> 373 374specifies the CA certificate to be used for signing. When this option is 375present B<x509> behaves like a "mini CA". The input file is signed by this 376CA using this option: that is its issuer name is set to the subject name 377of the CA and it is digitally signed using the CAs private key. 378 379This option is normally combined with the B<-req> option. Without the 380B<-req> option the input is a certificate which must be self signed. 381 382=item B<-CAkey filename> 383 384sets the CA private key to sign a certificate with. If this option is 385not specified then it is assumed that the CA private key is present in 386the CA certificate file. 387 388=item B<-CAserial filename> 389 390sets the CA serial number file to use. 391 392When the B<-CA> option is used to sign a certificate it uses a serial 393number specified in a file. This file consist of one line containing 394an even number of hex digits with the serial number to use. After each 395use the serial number is incremented and written out to the file again. 396 397The default filename consists of the CA certificate file base name with 398".srl" appended. For example if the CA certificate file is called 399"mycacert.pem" it expects to find a serial number file called "mycacert.srl". 400 401=item B<-CAcreateserial> 402 403with this option the CA serial number file is created if it does not exist: 404it will contain the serial number "02" and the certificate being signed will 405have the 1 as its serial number. Normally if the B<-CA> option is specified 406and the serial number file does not exist it is an error. 407 408=item B<-extfile filename> 409 410file containing certificate extensions to use. If not specified then 411no extensions are added to the certificate. 412 413=item B<-extensions section> 414 415the section to add certificate extensions from. If this option is not 416specified then the extensions should either be contained in the unnamed 417(default) section or the default section should contain a variable called 418"extensions" which contains the section to use. See the 419L<x509v3_config(5)|x509v3_config(5)> manual page for details of the 420extension section format. 421 422=item B<-force_pubkey key> 423 424when a certificate is created set its public key to B<key> instead of the 425key in the certificate or certificate request. This option is useful for 426creating certificates where the algorithm can't normally sign requests, for 427example DH. 428 429The format or B<key> can be specified using the B<-keyform> option. 430 431=back 432 433=head2 NAME OPTIONS 434 435The B<nameopt> command line switch determines how the subject and issuer 436names are displayed. If no B<nameopt> switch is present the default "oneline" 437format is used which is compatible with previous versions of OpenSSL. 438Each option is described in detail below, all options can be preceded by 439a B<-> to turn the option off. Only the first four will normally be used. 440 441=over 4 442 443=item B<compat> 444 445use the old format. This is equivalent to specifying no name options at all. 446 447=item B<RFC2253> 448 449displays names compatible with RFC2253 equivalent to B<esc_2253>, B<esc_ctrl>, 450B<esc_msb>, B<utf8>, B<dump_nostr>, B<dump_unknown>, B<dump_der>, 451B<sep_comma_plus>, B<dn_rev> and B<sname>. 452 453=item B<oneline> 454 455a oneline format which is more readable than RFC2253. It is equivalent to 456specifying the B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>, 457B<dump_der>, B<use_quote>, B<sep_comma_plus_space>, B<space_eq> and B<sname> 458options. 459 460=item B<multiline> 461 462a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>, 463B<space_eq>, B<lname> and B<align>. 464 465=item B<esc_2253> 466 467escape the "special" characters required by RFC2253 in a field That is 468B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginning of a string 469and a space character at the beginning or end of a string. 470 471=item B<esc_ctrl> 472 473escape control characters. That is those with ASCII values less than 4740x20 (space) and the delete (0x7f) character. They are escaped using the 475RFC2253 \XX notation (where XX are two hex digits representing the 476character value). 477 478=item B<esc_msb> 479 480escape characters with the MSB set, that is with ASCII values larger than 481127. 482 483=item B<use_quote> 484 485escapes some characters by surrounding the whole string with B<"> characters, 486without the option all escaping is done with the B<\> character. 487 488=item B<utf8> 489 490convert all strings to UTF8 format first. This is required by RFC2253. If 491you are lucky enough to have a UTF8 compatible terminal then the use 492of this option (and B<not> setting B<esc_msb>) may result in the correct 493display of multibyte (international) characters. Is this option is not 494present then multibyte characters larger than 0xff will be represented 495using the format \UXXXX for 16 bits and \WXXXXXXXX for 32 bits. 496Also if this option is off any UTF8Strings will be converted to their 497character form first. 498 499=item B<ignore_type> 500 501this option does not attempt to interpret multibyte characters in any 502way. That is their content octets are merely dumped as though one octet 503represents each character. This is useful for diagnostic purposes but 504will result in rather odd looking output. 505 506=item B<show_type> 507 508show the type of the ASN1 character string. The type precedes the 509field contents. For example "BMPSTRING: Hello World". 510 511=item B<dump_der> 512 513when this option is set any fields that need to be hexdumped will 514be dumped using the DER encoding of the field. Otherwise just the 515content octets will be displayed. Both options use the RFC2253 516B<#XXXX...> format. 517 518=item B<dump_nostr> 519 520dump non character string types (for example OCTET STRING) if this 521option is not set then non character string types will be displayed 522as though each content octet represents a single character. 523 524=item B<dump_all> 525 526dump all fields. This option when used with B<dump_der> allows the 527DER encoding of the structure to be unambiguously determined. 528 529=item B<dump_unknown> 530 531dump any field whose OID is not recognised by OpenSSL. 532 533=item B<sep_comma_plus>, B<sep_comma_plus_space>, B<sep_semi_plus_space>, 534B<sep_multiline> 535 536these options determine the field separators. The first character is 537between RDNs and the second between multiple AVAs (multiple AVAs are 538very rare and their use is discouraged). The options ending in 539"space" additionally place a space after the separator to make it 540more readable. The B<sep_multiline> uses a linefeed character for 541the RDN separator and a spaced B<+> for the AVA separator. It also 542indents the fields by four characters. 543 544=item B<dn_rev> 545 546reverse the fields of the DN. This is required by RFC2253. As a side 547effect this also reverses the order of multiple AVAs but this is 548permissible. 549 550=item B<nofname>, B<sname>, B<lname>, B<oid> 551 552these options alter how the field name is displayed. B<nofname> does 553not display the field at all. B<sname> uses the "short name" form 554(CN for commonName for example). B<lname> uses the long form. 555B<oid> represents the OID in numerical form and is useful for 556diagnostic purpose. 557 558=item B<align> 559 560align field values for a more readable output. Only usable with 561B<sep_multiline>. 562 563=item B<space_eq> 564 565places spaces round the B<=> character which follows the field 566name. 567 568=back 569 570=head2 TEXT OPTIONS 571 572As well as customising the name output format, it is also possible to 573customise the actual fields printed using the B<certopt> options when 574the B<text> option is present. The default behaviour is to print all fields. 575 576=over 4 577 578=item B<compatible> 579 580use the old format. This is equivalent to specifying no output options at all. 581 582=item B<no_header> 583 584don't print header information: that is the lines saying "Certificate" and "Data". 585 586=item B<no_version> 587 588don't print out the version number. 589 590=item B<no_serial> 591 592don't print out the serial number. 593 594=item B<no_signame> 595 596don't print out the signature algorithm used. 597 598=item B<no_validity> 599 600don't print the validity, that is the B<notBefore> and B<notAfter> fields. 601 602=item B<no_subject> 603 604don't print out the subject name. 605 606=item B<no_issuer> 607 608don't print out the issuer name. 609 610=item B<no_pubkey> 611 612don't print out the public key. 613 614=item B<no_sigdump> 615 616don't give a hexadecimal dump of the certificate signature. 617 618=item B<no_aux> 619 620don't print out certificate trust information. 621 622=item B<no_extensions> 623 624don't print out any X509V3 extensions. 625 626=item B<ext_default> 627 628retain default extension behaviour: attempt to print out unsupported certificate extensions. 629 630=item B<ext_error> 631 632print an error message for unsupported certificate extensions. 633 634=item B<ext_parse> 635 636ASN1 parse unsupported extensions. 637 638=item B<ext_dump> 639 640hex dump unsupported extensions. 641 642=item B<ca_default> 643 644the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>, B<no_header>, 645B<no_version>, B<no_sigdump> and B<no_signame>. 646 647=back 648 649=head1 EXAMPLES 650 651Note: in these examples the '\' means the example should be all on one 652line. 653 654Display the contents of a certificate: 655 656 openssl x509 -in cert.pem -noout -text 657 658Display the certificate serial number: 659 660 openssl x509 -in cert.pem -noout -serial 661 662Display the certificate subject name: 663 664 openssl x509 -in cert.pem -noout -subject 665 666Display the certificate subject name in RFC2253 form: 667 668 openssl x509 -in cert.pem -noout -subject -nameopt RFC2253 669 670Display the certificate subject name in oneline form on a terminal 671supporting UTF8: 672 673 openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb 674 675Display the certificate MD5 fingerprint: 676 677 openssl x509 -in cert.pem -noout -fingerprint 678 679Display the certificate SHA1 fingerprint: 680 681 openssl x509 -sha1 -in cert.pem -noout -fingerprint 682 683Convert a certificate from PEM to DER format: 684 685 openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER 686 687Convert a certificate to a certificate request: 688 689 openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem 690 691Convert a certificate request into a self signed certificate using 692extensions for a CA: 693 694 openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \ 695 -signkey key.pem -out cacert.pem 696 697Sign a certificate request using the CA certificate above and add user 698certificate extensions: 699 700 openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \ 701 -CA cacert.pem -CAkey key.pem -CAcreateserial 702 703 704Set a certificate to be trusted for SSL client use and change set its alias to 705"Steve's Class 1 CA" 706 707 openssl x509 -in cert.pem -addtrust clientAuth \ 708 -setalias "Steve's Class 1 CA" -out trust.pem 709 710=head1 NOTES 711 712The PEM format uses the header and footer lines: 713 714 -----BEGIN CERTIFICATE----- 715 -----END CERTIFICATE----- 716 717it will also handle files containing: 718 719 -----BEGIN X509 CERTIFICATE----- 720 -----END X509 CERTIFICATE----- 721 722Trusted certificates have the lines 723 724 -----BEGIN TRUSTED CERTIFICATE----- 725 -----END TRUSTED CERTIFICATE----- 726 727The conversion to UTF8 format used with the name options assumes that 728T61Strings use the ISO8859-1 character set. This is wrong but Netscape 729and MSIE do this as do many certificates. So although this is incorrect 730it is more likely to display the majority of certificates correctly. 731 732The B<-fingerprint> option takes the digest of the DER encoded certificate. 733This is commonly called a "fingerprint". Because of the nature of message 734digests the fingerprint of a certificate is unique to that certificate and 735two certificates with the same fingerprint can be considered to be the same. 736 737The Netscape fingerprint uses MD5 whereas MSIE uses SHA1. 738 739The B<-email> option searches the subject name and the subject alternative 740name extension. Only unique email addresses will be printed out: it will 741not print the same address more than once. 742 743=head1 CERTIFICATE EXTENSIONS 744 745The B<-purpose> option checks the certificate extensions and determines 746what the certificate can be used for. The actual checks done are rather 747complex and include various hacks and workarounds to handle broken 748certificates and software. 749 750The same code is used when verifying untrusted certificates in chains 751so this section is useful if a chain is rejected by the verify code. 752 753The basicConstraints extension CA flag is used to determine whether the 754certificate can be used as a CA. If the CA flag is true then it is a CA, 755if the CA flag is false then it is not a CA. B<All> CAs should have the 756CA flag set to true. 757 758If the basicConstraints extension is absent then the certificate is 759considered to be a "possible CA" other extensions are checked according 760to the intended use of the certificate. A warning is given in this case 761because the certificate should really not be regarded as a CA: however 762it is allowed to be a CA to work around some broken software. 763 764If the certificate is a V1 certificate (and thus has no extensions) and 765it is self signed it is also assumed to be a CA but a warning is again 766given: this is to work around the problem of Verisign roots which are V1 767self signed certificates. 768 769If the keyUsage extension is present then additional restraints are 770made on the uses of the certificate. A CA certificate B<must> have the 771keyCertSign bit set if the keyUsage extension is present. 772 773The extended key usage extension places additional restrictions on the 774certificate uses. If this extension is present (whether critical or not) 775the key can only be used for the purposes specified. 776 777A complete description of each test is given below. The comments about 778basicConstraints and keyUsage and V1 certificates above apply to B<all> 779CA certificates. 780 781 782=over 4 783 784=item B<SSL Client> 785 786The extended key usage extension must be absent or include the "web client 787authentication" OID. keyUsage must be absent or it must have the 788digitalSignature bit set. Netscape certificate type must be absent or it must 789have the SSL client bit set. 790 791=item B<SSL Client CA> 792 793The extended key usage extension must be absent or include the "web client 794authentication" OID. Netscape certificate type must be absent or it must have 795the SSL CA bit set: this is used as a work around if the basicConstraints 796extension is absent. 797 798=item B<SSL Server> 799 800The extended key usage extension must be absent or include the "web server 801authentication" and/or one of the SGC OIDs. keyUsage must be absent or it 802must have the digitalSignature, the keyEncipherment set or both bits set. 803Netscape certificate type must be absent or have the SSL server bit set. 804 805=item B<SSL Server CA> 806 807The extended key usage extension must be absent or include the "web server 808authentication" and/or one of the SGC OIDs. Netscape certificate type must 809be absent or the SSL CA bit must be set: this is used as a work around if the 810basicConstraints extension is absent. 811 812=item B<Netscape SSL Server> 813 814For Netscape SSL clients to connect to an SSL server it must have the 815keyEncipherment bit set if the keyUsage extension is present. This isn't 816always valid because some cipher suites use the key for digital signing. 817Otherwise it is the same as a normal SSL server. 818 819=item B<Common S/MIME Client Tests> 820 821The extended key usage extension must be absent or include the "email 822protection" OID. Netscape certificate type must be absent or should have the 823S/MIME bit set. If the S/MIME bit is not set in netscape certificate type 824then the SSL client bit is tolerated as an alternative but a warning is shown: 825this is because some Verisign certificates don't set the S/MIME bit. 826 827=item B<S/MIME Signing> 828 829In addition to the common S/MIME client tests the digitalSignature bit must 830be set if the keyUsage extension is present. 831 832=item B<S/MIME Encryption> 833 834In addition to the common S/MIME tests the keyEncipherment bit must be set 835if the keyUsage extension is present. 836 837=item B<S/MIME CA> 838 839The extended key usage extension must be absent or include the "email 840protection" OID. Netscape certificate type must be absent or must have the 841S/MIME CA bit set: this is used as a work around if the basicConstraints 842extension is absent. 843 844=item B<CRL Signing> 845 846The keyUsage extension must be absent or it must have the CRL signing bit 847set. 848 849=item B<CRL Signing CA> 850 851The normal CA tests apply. Except in this case the basicConstraints extension 852must be present. 853 854=back 855 856=head1 BUGS 857 858Extensions in certificates are not transferred to certificate requests and 859vice versa. 860 861It is possible to produce invalid certificates or requests by specifying the 862wrong private key or using inconsistent options in some cases: these should 863be checked. 864 865There should be options to explicitly set such things as start and end 866dates rather than an offset from the current time. 867 868The code to implement the verify behaviour described in the B<TRUST SETTINGS> 869is currently being developed. It thus describes the intended behaviour rather 870than the current behaviour. It is hoped that it will represent reality in 871OpenSSL 0.9.5 and later. 872 873=head1 SEE ALSO 874 875L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>, 876L<gendsa(1)|gendsa(1)>, L<verify(1)|verify(1)>, 877L<x509v3_config(5)|x509v3_config(5)> 878 879=head1 HISTORY 880 881Before OpenSSL 0.9.8, the default digest for RSA keys was MD5. 882 883The hash algorithm used in the B<-subject_hash> and B<-issuer_hash> options 884before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding 885of the distinguished name. In OpenSSL 1.0.0 and later it is based on a 886canonical version of the DN using SHA1. This means that any directories using 887the old form must have their links rebuilt using B<c_rehash> or similar. 888 889=cut 890