x509.pod revision 325337
1 2=pod 3 4=head1 NAME 5 6openssl-x509, 7x509 - Certificate display and signing utility 8 9=head1 SYNOPSIS 10 11B<openssl> B<x509> 12[B<-inform DER|PEM|NET>] 13[B<-outform DER|PEM|NET>] 14[B<-keyform DER|PEM>] 15[B<-CAform DER|PEM>] 16[B<-CAkeyform DER|PEM>] 17[B<-in filename>] 18[B<-out filename>] 19[B<-serial>] 20[B<-hash>] 21[B<-subject_hash>] 22[B<-issuer_hash>] 23[B<-ocspid>] 24[B<-subject>] 25[B<-issuer>] 26[B<-nameopt option>] 27[B<-email>] 28[B<-ocsp_uri>] 29[B<-startdate>] 30[B<-enddate>] 31[B<-purpose>] 32[B<-dates>] 33[B<-checkend num>] 34[B<-modulus>] 35[B<-pubkey>] 36[B<-fingerprint>] 37[B<-alias>] 38[B<-noout>] 39[B<-trustout>] 40[B<-clrtrust>] 41[B<-clrreject>] 42[B<-addtrust arg>] 43[B<-addreject arg>] 44[B<-setalias arg>] 45[B<-days arg>] 46[B<-set_serial n>] 47[B<-signkey filename>] 48[B<-passin arg>] 49[B<-x509toreq>] 50[B<-req>] 51[B<-CA filename>] 52[B<-CAkey filename>] 53[B<-CAcreateserial>] 54[B<-CAserial filename>] 55[B<-force_pubkey key>] 56[B<-text>] 57[B<-certopt option>] 58[B<-C>] 59[B<-md2|-md5|-sha1|-mdc2>] 60[B<-clrext>] 61[B<-extfile filename>] 62[B<-extensions section>] 63[B<-engine id>] 64 65=head1 DESCRIPTION 66 67The B<x509> command is a multi purpose certificate utility. It can be 68used to display certificate information, convert certificates to 69various forms, sign certificate requests like a "mini CA" or edit 70certificate trust settings. 71 72Since there are a large number of options they will split up into 73various sections. 74 75=head1 OPTIONS 76 77=head2 INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS 78 79=over 4 80 81=item B<-inform DER|PEM|NET> 82 83This specifies the input format normally the command will expect an X509 84certificate but this can change if other options such as B<-req> are 85present. The DER format is the DER encoding of the certificate and PEM 86is the base64 encoding of the DER encoding with header and footer lines 87added. The NET option is an obscure Netscape server format that is now 88obsolete. 89 90=item B<-outform DER|PEM|NET> 91 92This specifies the output format, the options have the same meaning as the 93B<-inform> option. 94 95=item B<-in filename> 96 97This specifies the input filename to read a certificate from or standard input 98if this option is not specified. 99 100=item B<-out filename> 101 102This specifies the output filename to write to or standard output by 103default. 104 105=item B<-md2|-md5|-sha1|-mdc2> 106 107the digest to use. This affects any signing or display option that uses a message 108digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not 109specified then SHA1 is used. If the key being used to sign with is a DSA key 110then this option has no effect: SHA1 is always used with DSA keys. 111 112=item B<-engine id> 113 114specifying an engine (by its unique B<id> string) will cause B<x509> 115to attempt to obtain a functional reference to the specified engine, 116thus initialising it if needed. The engine will then be set as the default 117for all available algorithms. 118 119=back 120 121=head2 DISPLAY OPTIONS 122 123Note: the B<-alias> and B<-purpose> options are also display options 124but are described in the B<TRUST SETTINGS> section. 125 126=over 4 127 128=item B<-text> 129 130prints out the certificate in text form. Full details are output including the 131public key, signature algorithms, issuer and subject names, serial number 132any extensions present and any trust settings. 133 134=item B<-certopt option> 135 136customise the output format used with B<-text>. The B<option> argument can be 137a single option or multiple options separated by commas. The B<-certopt> switch 138may be also be used more than once to set multiple options. See the B<TEXT OPTIONS> 139section for more information. 140 141=item B<-noout> 142 143this option prevents output of the encoded version of the request. 144 145=item B<-pubkey> 146 147outputs the certificate's SubjectPublicKeyInfo block in PEM format. 148 149=item B<-modulus> 150 151this option prints out the value of the modulus of the public key 152contained in the certificate. 153 154=item B<-serial> 155 156outputs the certificate serial number. 157 158=item B<-subject_hash> 159 160outputs the "hash" of the certificate subject name. This is used in OpenSSL to 161form an index to allow certificates in a directory to be looked up by subject 162name. 163 164=item B<-issuer_hash> 165 166outputs the "hash" of the certificate issuer name. 167 168=item B<-ocspid> 169 170outputs the OCSP hash values for the subject name and public key. 171 172=item B<-hash> 173 174synonym for "-subject_hash" for backward compatibility reasons. 175 176=item B<-subject_hash_old> 177 178outputs the "hash" of the certificate subject name using the older algorithm 179as used by OpenSSL versions before 1.0.0. 180 181=item B<-issuer_hash_old> 182 183outputs the "hash" of the certificate issuer name using the older algorithm 184as used by OpenSSL versions before 1.0.0. 185 186=item B<-subject> 187 188outputs the subject name. 189 190=item B<-issuer> 191 192outputs the issuer name. 193 194=item B<-nameopt option> 195 196option which determines how the subject or issuer names are displayed. The 197B<option> argument can be a single option or multiple options separated by 198commas. Alternatively the B<-nameopt> switch may be used more than once to 199set multiple options. See the B<NAME OPTIONS> section for more information. 200 201=item B<-email> 202 203outputs the email address(es) if any. 204 205=item B<-ocsp_uri> 206 207outputs the OCSP responder address(es) if any. 208 209=item B<-startdate> 210 211prints out the start date of the certificate, that is the notBefore date. 212 213=item B<-enddate> 214 215prints out the expiry date of the certificate, that is the notAfter date. 216 217=item B<-dates> 218 219prints out the start and expiry dates of a certificate. 220 221=item B<-checkend arg> 222 223checks if the certificate expires within the next B<arg> seconds and exits 224non-zero if yes it will expire or zero if not. 225 226=item B<-fingerprint> 227 228prints out the digest of the DER encoded version of the whole certificate 229(see digest options). 230 231=item B<-C> 232 233this outputs the certificate in the form of a C source file. 234 235=back 236 237=head2 TRUST SETTINGS 238 239Please note these options are currently experimental and may well change. 240 241A B<trusted certificate> is an ordinary certificate which has several 242additional pieces of information attached to it such as the permitted 243and prohibited uses of the certificate and an "alias". 244 245Normally when a certificate is being verified at least one certificate 246must be "trusted". By default a trusted certificate must be stored 247locally and must be a root CA: any certificate chain ending in this CA 248is then usable for any purpose. 249 250Trust settings currently are only used with a root CA. They allow a finer 251control over the purposes the root CA can be used for. For example a CA 252may be trusted for SSL client but not SSL server use. 253 254See the description of the B<verify> utility for more information on the 255meaning of trust settings. 256 257Future versions of OpenSSL will recognize trust settings on any 258certificate: not just root CAs. 259 260 261=over 4 262 263=item B<-trustout> 264 265this causes B<x509> to output a B<trusted> certificate. An ordinary 266or trusted certificate can be input but by default an ordinary 267certificate is output and any trust settings are discarded. With the 268B<-trustout> option a trusted certificate is output. A trusted 269certificate is automatically output if any trust settings are modified. 270 271=item B<-setalias arg> 272 273sets the alias of the certificate. This will allow the certificate 274to be referred to using a nickname for example "Steve's Certificate". 275 276=item B<-alias> 277 278outputs the certificate alias, if any. 279 280=item B<-clrtrust> 281 282clears all the permitted or trusted uses of the certificate. 283 284=item B<-clrreject> 285 286clears all the prohibited or rejected uses of the certificate. 287 288=item B<-addtrust arg> 289 290adds a trusted certificate use. Any object name can be used here 291but currently only B<clientAuth> (SSL client use), B<serverAuth> 292(SSL server use) and B<emailProtection> (S/MIME email) are used. 293Other OpenSSL applications may define additional uses. 294 295=item B<-addreject arg> 296 297adds a prohibited use. It accepts the same values as the B<-addtrust> 298option. 299 300=item B<-purpose> 301 302this option performs tests on the certificate extensions and outputs 303the results. For a more complete description see the B<CERTIFICATE 304EXTENSIONS> section. 305 306=back 307 308=head2 SIGNING OPTIONS 309 310The B<x509> utility can be used to sign certificates and requests: it 311can thus behave like a "mini CA". 312 313=over 4 314 315=item B<-signkey filename> 316 317this option causes the input file to be self signed using the supplied 318private key. 319 320If the input file is a certificate it sets the issuer name to the 321subject name (i.e. makes it self signed) changes the public key to the 322supplied value and changes the start and end dates. The start date is 323set to the current time and the end date is set to a value determined 324by the B<-days> option. Any certificate extensions are retained unless 325the B<-clrext> option is supplied. 326 327If the input is a certificate request then a self signed certificate 328is created using the supplied private key using the subject name in 329the request. 330 331=item B<-passin arg> 332 333the key password source. For more information about the format of B<arg> 334see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 335 336=item B<-clrext> 337 338delete any extensions from a certificate. This option is used when a 339certificate is being created from another certificate (for example with 340the B<-signkey> or the B<-CA> options). Normally all extensions are 341retained. 342 343=item B<-keyform PEM|DER> 344 345specifies the format (DER or PEM) of the private key file used in the 346B<-signkey> option. 347 348=item B<-days arg> 349 350specifies the number of days to make a certificate valid for. The default 351is 30 days. 352 353=item B<-x509toreq> 354 355converts a certificate into a certificate request. The B<-signkey> option 356is used to pass the required private key. 357 358=item B<-req> 359 360by default a certificate is expected on input. With this option a 361certificate request is expected instead. 362 363=item B<-set_serial n> 364 365specifies the serial number to use. This option can be used with either 366the B<-signkey> or B<-CA> options. If used in conjunction with the B<-CA> 367option the serial number file (as specified by the B<-CAserial> or 368B<-CAcreateserial> options) is not used. 369 370The serial number can be decimal or hex (if preceded by B<0x>). Negative 371serial numbers can also be specified but their use is not recommended. 372 373=item B<-CA filename> 374 375specifies the CA certificate to be used for signing. When this option is 376present B<x509> behaves like a "mini CA". The input file is signed by this 377CA using this option: that is its issuer name is set to the subject name 378of the CA and it is digitally signed using the CAs private key. 379 380This option is normally combined with the B<-req> option. Without the 381B<-req> option the input is a certificate which must be self signed. 382 383=item B<-CAkey filename> 384 385sets the CA private key to sign a certificate with. If this option is 386not specified then it is assumed that the CA private key is present in 387the CA certificate file. 388 389=item B<-CAserial filename> 390 391sets the CA serial number file to use. 392 393When the B<-CA> option is used to sign a certificate it uses a serial 394number specified in a file. This file consist of one line containing 395an even number of hex digits with the serial number to use. After each 396use the serial number is incremented and written out to the file again. 397 398The default filename consists of the CA certificate file base name with 399".srl" appended. For example if the CA certificate file is called 400"mycacert.pem" it expects to find a serial number file called "mycacert.srl". 401 402=item B<-CAcreateserial> 403 404with this option the CA serial number file is created if it does not exist: 405it will contain the serial number "02" and the certificate being signed will 406have the 1 as its serial number. Normally if the B<-CA> option is specified 407and the serial number file does not exist it is an error. 408 409=item B<-extfile filename> 410 411file containing certificate extensions to use. If not specified then 412no extensions are added to the certificate. 413 414=item B<-extensions section> 415 416the section to add certificate extensions from. If this option is not 417specified then the extensions should either be contained in the unnamed 418(default) section or the default section should contain a variable called 419"extensions" which contains the section to use. See the 420L<x509v3_config(5)|x509v3_config(5)> manual page for details of the 421extension section format. 422 423=item B<-force_pubkey key> 424 425when a certificate is created set its public key to B<key> instead of the 426key in the certificate or certificate request. This option is useful for 427creating certificates where the algorithm can't normally sign requests, for 428example DH. 429 430The format or B<key> can be specified using the B<-keyform> option. 431 432=back 433 434=head2 NAME OPTIONS 435 436The B<nameopt> command line switch determines how the subject and issuer 437names are displayed. If no B<nameopt> switch is present the default "oneline" 438format is used which is compatible with previous versions of OpenSSL. 439Each option is described in detail below, all options can be preceded by 440a B<-> to turn the option off. Only the first four will normally be used. 441 442=over 4 443 444=item B<compat> 445 446use the old format. This is equivalent to specifying no name options at all. 447 448=item B<RFC2253> 449 450displays names compatible with RFC2253 equivalent to B<esc_2253>, B<esc_ctrl>, 451B<esc_msb>, B<utf8>, B<dump_nostr>, B<dump_unknown>, B<dump_der>, 452B<sep_comma_plus>, B<dn_rev> and B<sname>. 453 454=item B<oneline> 455 456a oneline format which is more readable than RFC2253. It is equivalent to 457specifying the B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>, 458B<dump_der>, B<use_quote>, B<sep_comma_plus_space>, B<space_eq> and B<sname> 459options. 460 461=item B<multiline> 462 463a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>, 464B<space_eq>, B<lname> and B<align>. 465 466=item B<esc_2253> 467 468escape the "special" characters required by RFC2253 in a field That is 469B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginning of a string 470and a space character at the beginning or end of a string. 471 472=item B<esc_ctrl> 473 474escape control characters. That is those with ASCII values less than 4750x20 (space) and the delete (0x7f) character. They are escaped using the 476RFC2253 \XX notation (where XX are two hex digits representing the 477character value). 478 479=item B<esc_msb> 480 481escape characters with the MSB set, that is with ASCII values larger than 482127. 483 484=item B<use_quote> 485 486escapes some characters by surrounding the whole string with B<"> characters, 487without the option all escaping is done with the B<\> character. 488 489=item B<utf8> 490 491convert all strings to UTF8 format first. This is required by RFC2253. If 492you are lucky enough to have a UTF8 compatible terminal then the use 493of this option (and B<not> setting B<esc_msb>) may result in the correct 494display of multibyte (international) characters. Is this option is not 495present then multibyte characters larger than 0xff will be represented 496using the format \UXXXX for 16 bits and \WXXXXXXXX for 32 bits. 497Also if this option is off any UTF8Strings will be converted to their 498character form first. 499 500=item B<ignore_type> 501 502this option does not attempt to interpret multibyte characters in any 503way. That is their content octets are merely dumped as though one octet 504represents each character. This is useful for diagnostic purposes but 505will result in rather odd looking output. 506 507=item B<show_type> 508 509show the type of the ASN1 character string. The type precedes the 510field contents. For example "BMPSTRING: Hello World". 511 512=item B<dump_der> 513 514when this option is set any fields that need to be hexdumped will 515be dumped using the DER encoding of the field. Otherwise just the 516content octets will be displayed. Both options use the RFC2253 517B<#XXXX...> format. 518 519=item B<dump_nostr> 520 521dump non character string types (for example OCTET STRING) if this 522option is not set then non character string types will be displayed 523as though each content octet represents a single character. 524 525=item B<dump_all> 526 527dump all fields. This option when used with B<dump_der> allows the 528DER encoding of the structure to be unambiguously determined. 529 530=item B<dump_unknown> 531 532dump any field whose OID is not recognised by OpenSSL. 533 534=item B<sep_comma_plus>, B<sep_comma_plus_space>, B<sep_semi_plus_space>, 535B<sep_multiline> 536 537these options determine the field separators. The first character is 538between RDNs and the second between multiple AVAs (multiple AVAs are 539very rare and their use is discouraged). The options ending in 540"space" additionally place a space after the separator to make it 541more readable. The B<sep_multiline> uses a linefeed character for 542the RDN separator and a spaced B<+> for the AVA separator. It also 543indents the fields by four characters. If no field separator is specified 544then B<sep_comma_plus_space> is used by default. 545 546=item B<dn_rev> 547 548reverse the fields of the DN. This is required by RFC2253. As a side 549effect this also reverses the order of multiple AVAs but this is 550permissible. 551 552=item B<nofname>, B<sname>, B<lname>, B<oid> 553 554these options alter how the field name is displayed. B<nofname> does 555not display the field at all. B<sname> uses the "short name" form 556(CN for commonName for example). B<lname> uses the long form. 557B<oid> represents the OID in numerical form and is useful for 558diagnostic purpose. 559 560=item B<align> 561 562align field values for a more readable output. Only usable with 563B<sep_multiline>. 564 565=item B<space_eq> 566 567places spaces round the B<=> character which follows the field 568name. 569 570=back 571 572=head2 TEXT OPTIONS 573 574As well as customising the name output format, it is also possible to 575customise the actual fields printed using the B<certopt> options when 576the B<text> option is present. The default behaviour is to print all fields. 577 578=over 4 579 580=item B<compatible> 581 582use the old format. This is equivalent to specifying no output options at all. 583 584=item B<no_header> 585 586don't print header information: that is the lines saying "Certificate" and "Data". 587 588=item B<no_version> 589 590don't print out the version number. 591 592=item B<no_serial> 593 594don't print out the serial number. 595 596=item B<no_signame> 597 598don't print out the signature algorithm used. 599 600=item B<no_validity> 601 602don't print the validity, that is the B<notBefore> and B<notAfter> fields. 603 604=item B<no_subject> 605 606don't print out the subject name. 607 608=item B<no_issuer> 609 610don't print out the issuer name. 611 612=item B<no_pubkey> 613 614don't print out the public key. 615 616=item B<no_sigdump> 617 618don't give a hexadecimal dump of the certificate signature. 619 620=item B<no_aux> 621 622don't print out certificate trust information. 623 624=item B<no_extensions> 625 626don't print out any X509V3 extensions. 627 628=item B<ext_default> 629 630retain default extension behaviour: attempt to print out unsupported certificate extensions. 631 632=item B<ext_error> 633 634print an error message for unsupported certificate extensions. 635 636=item B<ext_parse> 637 638ASN1 parse unsupported extensions. 639 640=item B<ext_dump> 641 642hex dump unsupported extensions. 643 644=item B<ca_default> 645 646the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>, 647B<no_header>, and B<no_version>. 648 649=back 650 651=head1 EXAMPLES 652 653Note: in these examples the '\' means the example should be all on one 654line. 655 656Display the contents of a certificate: 657 658 openssl x509 -in cert.pem -noout -text 659 660Display the certificate serial number: 661 662 openssl x509 -in cert.pem -noout -serial 663 664Display the certificate subject name: 665 666 openssl x509 -in cert.pem -noout -subject 667 668Display the certificate subject name in RFC2253 form: 669 670 openssl x509 -in cert.pem -noout -subject -nameopt RFC2253 671 672Display the certificate subject name in oneline form on a terminal 673supporting UTF8: 674 675 openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb 676 677Display the certificate MD5 fingerprint: 678 679 openssl x509 -in cert.pem -noout -fingerprint 680 681Display the certificate SHA1 fingerprint: 682 683 openssl x509 -sha1 -in cert.pem -noout -fingerprint 684 685Convert a certificate from PEM to DER format: 686 687 openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER 688 689Convert a certificate to a certificate request: 690 691 openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem 692 693Convert a certificate request into a self signed certificate using 694extensions for a CA: 695 696 openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \ 697 -signkey key.pem -out cacert.pem 698 699Sign a certificate request using the CA certificate above and add user 700certificate extensions: 701 702 openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \ 703 -CA cacert.pem -CAkey key.pem -CAcreateserial 704 705 706Set a certificate to be trusted for SSL client use and change set its alias to 707"Steve's Class 1 CA" 708 709 openssl x509 -in cert.pem -addtrust clientAuth \ 710 -setalias "Steve's Class 1 CA" -out trust.pem 711 712=head1 NOTES 713 714The PEM format uses the header and footer lines: 715 716 -----BEGIN CERTIFICATE----- 717 -----END CERTIFICATE----- 718 719it will also handle files containing: 720 721 -----BEGIN X509 CERTIFICATE----- 722 -----END X509 CERTIFICATE----- 723 724Trusted certificates have the lines 725 726 -----BEGIN TRUSTED CERTIFICATE----- 727 -----END TRUSTED CERTIFICATE----- 728 729The conversion to UTF8 format used with the name options assumes that 730T61Strings use the ISO8859-1 character set. This is wrong but Netscape 731and MSIE do this as do many certificates. So although this is incorrect 732it is more likely to display the majority of certificates correctly. 733 734The B<-fingerprint> option takes the digest of the DER encoded certificate. 735This is commonly called a "fingerprint". Because of the nature of message 736digests the fingerprint of a certificate is unique to that certificate and 737two certificates with the same fingerprint can be considered to be the same. 738 739The Netscape fingerprint uses MD5 whereas MSIE uses SHA1. 740 741The B<-email> option searches the subject name and the subject alternative 742name extension. Only unique email addresses will be printed out: it will 743not print the same address more than once. 744 745=head1 CERTIFICATE EXTENSIONS 746 747The B<-purpose> option checks the certificate extensions and determines 748what the certificate can be used for. The actual checks done are rather 749complex and include various hacks and workarounds to handle broken 750certificates and software. 751 752The same code is used when verifying untrusted certificates in chains 753so this section is useful if a chain is rejected by the verify code. 754 755The basicConstraints extension CA flag is used to determine whether the 756certificate can be used as a CA. If the CA flag is true then it is a CA, 757if the CA flag is false then it is not a CA. B<All> CAs should have the 758CA flag set to true. 759 760If the basicConstraints extension is absent then the certificate is 761considered to be a "possible CA" other extensions are checked according 762to the intended use of the certificate. A warning is given in this case 763because the certificate should really not be regarded as a CA: however 764it is allowed to be a CA to work around some broken software. 765 766If the certificate is a V1 certificate (and thus has no extensions) and 767it is self signed it is also assumed to be a CA but a warning is again 768given: this is to work around the problem of Verisign roots which are V1 769self signed certificates. 770 771If the keyUsage extension is present then additional restraints are 772made on the uses of the certificate. A CA certificate B<must> have the 773keyCertSign bit set if the keyUsage extension is present. 774 775The extended key usage extension places additional restrictions on the 776certificate uses. If this extension is present (whether critical or not) 777the key can only be used for the purposes specified. 778 779A complete description of each test is given below. The comments about 780basicConstraints and keyUsage and V1 certificates above apply to B<all> 781CA certificates. 782 783 784=over 4 785 786=item B<SSL Client> 787 788The extended key usage extension must be absent or include the "web client 789authentication" OID. keyUsage must be absent or it must have the 790digitalSignature bit set. Netscape certificate type must be absent or it must 791have the SSL client bit set. 792 793=item B<SSL Client CA> 794 795The extended key usage extension must be absent or include the "web client 796authentication" OID. Netscape certificate type must be absent or it must have 797the SSL CA bit set: this is used as a work around if the basicConstraints 798extension is absent. 799 800=item B<SSL Server> 801 802The extended key usage extension must be absent or include the "web server 803authentication" and/or one of the SGC OIDs. keyUsage must be absent or it 804must have the digitalSignature, the keyEncipherment set or both bits set. 805Netscape certificate type must be absent or have the SSL server bit set. 806 807=item B<SSL Server CA> 808 809The extended key usage extension must be absent or include the "web server 810authentication" and/or one of the SGC OIDs. Netscape certificate type must 811be absent or the SSL CA bit must be set: this is used as a work around if the 812basicConstraints extension is absent. 813 814=item B<Netscape SSL Server> 815 816For Netscape SSL clients to connect to an SSL server it must have the 817keyEncipherment bit set if the keyUsage extension is present. This isn't 818always valid because some cipher suites use the key for digital signing. 819Otherwise it is the same as a normal SSL server. 820 821=item B<Common S/MIME Client Tests> 822 823The extended key usage extension must be absent or include the "email 824protection" OID. Netscape certificate type must be absent or should have the 825S/MIME bit set. If the S/MIME bit is not set in netscape certificate type 826then the SSL client bit is tolerated as an alternative but a warning is shown: 827this is because some Verisign certificates don't set the S/MIME bit. 828 829=item B<S/MIME Signing> 830 831In addition to the common S/MIME client tests the digitalSignature bit must 832be set if the keyUsage extension is present. 833 834=item B<S/MIME Encryption> 835 836In addition to the common S/MIME tests the keyEncipherment bit must be set 837if the keyUsage extension is present. 838 839=item B<S/MIME CA> 840 841The extended key usage extension must be absent or include the "email 842protection" OID. Netscape certificate type must be absent or must have the 843S/MIME CA bit set: this is used as a work around if the basicConstraints 844extension is absent. 845 846=item B<CRL Signing> 847 848The keyUsage extension must be absent or it must have the CRL signing bit 849set. 850 851=item B<CRL Signing CA> 852 853The normal CA tests apply. Except in this case the basicConstraints extension 854must be present. 855 856=back 857 858=head1 BUGS 859 860Extensions in certificates are not transferred to certificate requests and 861vice versa. 862 863It is possible to produce invalid certificates or requests by specifying the 864wrong private key or using inconsistent options in some cases: these should 865be checked. 866 867There should be options to explicitly set such things as start and end 868dates rather than an offset from the current time. 869 870The code to implement the verify behaviour described in the B<TRUST SETTINGS> 871is currently being developed. It thus describes the intended behaviour rather 872than the current behaviour. It is hoped that it will represent reality in 873OpenSSL 0.9.5 and later. 874 875=head1 SEE ALSO 876 877L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>, 878L<gendsa(1)|gendsa(1)>, L<verify(1)|verify(1)>, 879L<x509v3_config(5)|x509v3_config(5)> 880 881=head1 HISTORY 882 883Before OpenSSL 0.9.8, the default digest for RSA keys was MD5. 884 885The hash algorithm used in the B<-subject_hash> and B<-issuer_hash> options 886before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding 887of the distinguished name. In OpenSSL 1.0.0 and later it is based on a 888canonical version of the DN using SHA1. This means that any directories using 889the old form must have their links rebuilt using B<c_rehash> or similar. 890 891=cut 892