x509.pod revision 331638
1 2=pod 3 4=head1 NAME 5 6openssl-x509, 7x509 - Certificate display and signing utility 8 9=head1 SYNOPSIS 10 11B<openssl> B<x509> 12[B<-inform DER|PEM|NET>] 13[B<-outform DER|PEM|NET>] 14[B<-keyform DER|PEM>] 15[B<-CAform DER|PEM>] 16[B<-CAkeyform DER|PEM>] 17[B<-in filename>] 18[B<-out filename>] 19[B<-serial>] 20[B<-hash>] 21[B<-subject_hash>] 22[B<-issuer_hash>] 23[B<-ocspid>] 24[B<-subject>] 25[B<-issuer>] 26[B<-nameopt option>] 27[B<-email>] 28[B<-ocsp_uri>] 29[B<-startdate>] 30[B<-enddate>] 31[B<-purpose>] 32[B<-dates>] 33[B<-checkend num>] 34[B<-modulus>] 35[B<-pubkey>] 36[B<-fingerprint>] 37[B<-alias>] 38[B<-noout>] 39[B<-trustout>] 40[B<-clrtrust>] 41[B<-clrreject>] 42[B<-addtrust arg>] 43[B<-addreject arg>] 44[B<-setalias arg>] 45[B<-days arg>] 46[B<-set_serial n>] 47[B<-signkey filename>] 48[B<-passin arg>] 49[B<-x509toreq>] 50[B<-req>] 51[B<-CA filename>] 52[B<-CAkey filename>] 53[B<-CAcreateserial>] 54[B<-CAserial filename>] 55[B<-force_pubkey key>] 56[B<-text>] 57[B<-certopt option>] 58[B<-C>] 59[B<-md2|-md5|-sha1|-mdc2>] 60[B<-clrext>] 61[B<-extfile filename>] 62[B<-extensions section>] 63[B<-engine id>] 64 65=head1 DESCRIPTION 66 67The B<x509> command is a multi purpose certificate utility. It can be 68used to display certificate information, convert certificates to 69various forms, sign certificate requests like a "mini CA" or edit 70certificate trust settings. 71 72Since there are a large number of options they will split up into 73various sections. 74 75=head1 OPTIONS 76 77=head2 INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS 78 79=over 4 80 81=item B<-inform DER|PEM|NET> 82 83This specifies the input format normally the command will expect an X509 84certificate but this can change if other options such as B<-req> are 85present. The DER format is the DER encoding of the certificate and PEM 86is the base64 encoding of the DER encoding with header and footer lines 87added. The NET option is an obscure Netscape server format that is now 88obsolete. 89 90=item B<-outform DER|PEM|NET> 91 92This specifies the output format, the options have the same meaning as the 93B<-inform> option. 94 95=item B<-in filename> 96 97This specifies the input filename to read a certificate from or standard input 98if this option is not specified. 99 100=item B<-out filename> 101 102This specifies the output filename to write to or standard output by 103default. 104 105=item B<-md2|-md5|-sha1|-mdc2> 106 107the digest to use. This affects any signing or display option that uses a message 108digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not 109specified then SHA1 is used. If the key being used to sign with is a DSA key 110then this option has no effect: SHA1 is always used with DSA keys. 111 112=item B<-engine id> 113 114specifying an engine (by its unique B<id> string) will cause B<x509> 115to attempt to obtain a functional reference to the specified engine, 116thus initialising it if needed. The engine will then be set as the default 117for all available algorithms. 118 119=back 120 121=head2 DISPLAY OPTIONS 122 123Note: the B<-alias> and B<-purpose> options are also display options 124but are described in the B<TRUST SETTINGS> section. 125 126=over 4 127 128=item B<-text> 129 130prints out the certificate in text form. Full details are output including the 131public key, signature algorithms, issuer and subject names, serial number 132any extensions present and any trust settings. 133 134=item B<-certopt option> 135 136customise the output format used with B<-text>. The B<option> argument can be 137a single option or multiple options separated by commas. The B<-certopt> switch 138may be also be used more than once to set multiple options. See the B<TEXT OPTIONS> 139section for more information. 140 141=item B<-noout> 142 143this option prevents output of the encoded version of the request. 144 145=item B<-pubkey> 146 147outputs the certificate's SubjectPublicKeyInfo block in PEM format. 148 149=item B<-modulus> 150 151this option prints out the value of the modulus of the public key 152contained in the certificate. 153 154=item B<-serial> 155 156outputs the certificate serial number. 157 158=item B<-subject_hash> 159 160outputs the "hash" of the certificate subject name. This is used in OpenSSL to 161form an index to allow certificates in a directory to be looked up by subject 162name. 163 164=item B<-issuer_hash> 165 166outputs the "hash" of the certificate issuer name. 167 168=item B<-ocspid> 169 170outputs the OCSP hash values for the subject name and public key. 171 172=item B<-hash> 173 174synonym for "-subject_hash" for backward compatibility reasons. 175 176=item B<-subject_hash_old> 177 178outputs the "hash" of the certificate subject name using the older algorithm 179as used by OpenSSL versions before 1.0.0. 180 181=item B<-issuer_hash_old> 182 183outputs the "hash" of the certificate issuer name using the older algorithm 184as used by OpenSSL versions before 1.0.0. 185 186=item B<-subject> 187 188outputs the subject name. 189 190=item B<-issuer> 191 192outputs the issuer name. 193 194=item B<-nameopt option> 195 196option which determines how the subject or issuer names are displayed. The 197B<option> argument can be a single option or multiple options separated by 198commas. Alternatively the B<-nameopt> switch may be used more than once to 199set multiple options. See the B<NAME OPTIONS> section for more information. 200 201=item B<-email> 202 203outputs the email address(es) if any. 204 205=item B<-ocsp_uri> 206 207outputs the OCSP responder address(es) if any. 208 209=item B<-startdate> 210 211prints out the start date of the certificate, that is the notBefore date. 212 213=item B<-enddate> 214 215prints out the expiry date of the certificate, that is the notAfter date. 216 217=item B<-dates> 218 219prints out the start and expiry dates of a certificate. 220 221=item B<-checkend arg> 222 223checks if the certificate expires within the next B<arg> seconds and exits 224non-zero if yes it will expire or zero if not. 225 226=item B<-fingerprint> 227 228Calculates and outputs the digest of the DER encoded version of the entire 229certificate (see digest options). 230This is commonly called a "fingerprint". Because of the nature of message 231digests, the fingerprint of a certificate is unique to that certificate and 232two certificates with the same fingerprint can be considered to be the same. 233 234=item B<-C> 235 236this outputs the certificate in the form of a C source file. 237 238=back 239 240=head2 TRUST SETTINGS 241 242Please note these options are currently experimental and may well change. 243 244A B<trusted certificate> is an ordinary certificate which has several 245additional pieces of information attached to it such as the permitted 246and prohibited uses of the certificate and an "alias". 247 248Normally when a certificate is being verified at least one certificate 249must be "trusted". By default a trusted certificate must be stored 250locally and must be a root CA: any certificate chain ending in this CA 251is then usable for any purpose. 252 253Trust settings currently are only used with a root CA. They allow a finer 254control over the purposes the root CA can be used for. For example a CA 255may be trusted for SSL client but not SSL server use. 256 257See the description of the B<verify> utility for more information on the 258meaning of trust settings. 259 260Future versions of OpenSSL will recognize trust settings on any 261certificate: not just root CAs. 262 263 264=over 4 265 266=item B<-trustout> 267 268this causes B<x509> to output a B<trusted> certificate. An ordinary 269or trusted certificate can be input but by default an ordinary 270certificate is output and any trust settings are discarded. With the 271B<-trustout> option a trusted certificate is output. A trusted 272certificate is automatically output if any trust settings are modified. 273 274=item B<-setalias arg> 275 276sets the alias of the certificate. This will allow the certificate 277to be referred to using a nickname for example "Steve's Certificate". 278 279=item B<-alias> 280 281outputs the certificate alias, if any. 282 283=item B<-clrtrust> 284 285clears all the permitted or trusted uses of the certificate. 286 287=item B<-clrreject> 288 289clears all the prohibited or rejected uses of the certificate. 290 291=item B<-addtrust arg> 292 293adds a trusted certificate use. Any object name can be used here 294but currently only B<clientAuth> (SSL client use), B<serverAuth> 295(SSL server use) and B<emailProtection> (S/MIME email) are used. 296Other OpenSSL applications may define additional uses. 297 298=item B<-addreject arg> 299 300adds a prohibited use. It accepts the same values as the B<-addtrust> 301option. 302 303=item B<-purpose> 304 305this option performs tests on the certificate extensions and outputs 306the results. For a more complete description see the B<CERTIFICATE 307EXTENSIONS> section. 308 309=back 310 311=head2 SIGNING OPTIONS 312 313The B<x509> utility can be used to sign certificates and requests: it 314can thus behave like a "mini CA". 315 316=over 4 317 318=item B<-signkey filename> 319 320this option causes the input file to be self signed using the supplied 321private key. 322 323If the input file is a certificate it sets the issuer name to the 324subject name (i.e. makes it self signed) changes the public key to the 325supplied value and changes the start and end dates. The start date is 326set to the current time and the end date is set to a value determined 327by the B<-days> option. Any certificate extensions are retained unless 328the B<-clrext> option is supplied. 329 330If the input is a certificate request then a self signed certificate 331is created using the supplied private key using the subject name in 332the request. 333 334=item B<-passin arg> 335 336the key password source. For more information about the format of B<arg> 337see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 338 339=item B<-clrext> 340 341delete any extensions from a certificate. This option is used when a 342certificate is being created from another certificate (for example with 343the B<-signkey> or the B<-CA> options). Normally all extensions are 344retained. 345 346=item B<-keyform PEM|DER> 347 348specifies the format (DER or PEM) of the private key file used in the 349B<-signkey> option. 350 351=item B<-days arg> 352 353specifies the number of days to make a certificate valid for. The default 354is 30 days. 355 356=item B<-x509toreq> 357 358converts a certificate into a certificate request. The B<-signkey> option 359is used to pass the required private key. 360 361=item B<-req> 362 363by default a certificate is expected on input. With this option a 364certificate request is expected instead. 365 366=item B<-set_serial n> 367 368specifies the serial number to use. This option can be used with either 369the B<-signkey> or B<-CA> options. If used in conjunction with the B<-CA> 370option the serial number file (as specified by the B<-CAserial> or 371B<-CAcreateserial> options) is not used. 372 373The serial number can be decimal or hex (if preceded by B<0x>). Negative 374serial numbers can also be specified but their use is not recommended. 375 376=item B<-CA filename> 377 378specifies the CA certificate to be used for signing. When this option is 379present B<x509> behaves like a "mini CA". The input file is signed by this 380CA using this option: that is its issuer name is set to the subject name 381of the CA and it is digitally signed using the CAs private key. 382 383This option is normally combined with the B<-req> option. Without the 384B<-req> option the input is a certificate which must be self signed. 385 386=item B<-CAkey filename> 387 388sets the CA private key to sign a certificate with. If this option is 389not specified then it is assumed that the CA private key is present in 390the CA certificate file. 391 392=item B<-CAserial filename> 393 394sets the CA serial number file to use. 395 396When the B<-CA> option is used to sign a certificate it uses a serial 397number specified in a file. This file consist of one line containing 398an even number of hex digits with the serial number to use. After each 399use the serial number is incremented and written out to the file again. 400 401The default filename consists of the CA certificate file base name with 402".srl" appended. For example if the CA certificate file is called 403"mycacert.pem" it expects to find a serial number file called "mycacert.srl". 404 405=item B<-CAcreateserial> 406 407with this option the CA serial number file is created if it does not exist: 408it will contain the serial number "02" and the certificate being signed will 409have the 1 as its serial number. Normally if the B<-CA> option is specified 410and the serial number file does not exist it is an error. 411 412=item B<-extfile filename> 413 414file containing certificate extensions to use. If not specified then 415no extensions are added to the certificate. 416 417=item B<-extensions section> 418 419the section to add certificate extensions from. If this option is not 420specified then the extensions should either be contained in the unnamed 421(default) section or the default section should contain a variable called 422"extensions" which contains the section to use. See the 423L<x509v3_config(5)|x509v3_config(5)> manual page for details of the 424extension section format. 425 426=item B<-force_pubkey key> 427 428when a certificate is created set its public key to B<key> instead of the 429key in the certificate or certificate request. This option is useful for 430creating certificates where the algorithm can't normally sign requests, for 431example DH. 432 433The format or B<key> can be specified using the B<-keyform> option. 434 435=back 436 437=head2 NAME OPTIONS 438 439The B<nameopt> command line switch determines how the subject and issuer 440names are displayed. If no B<nameopt> switch is present the default "oneline" 441format is used which is compatible with previous versions of OpenSSL. 442Each option is described in detail below, all options can be preceded by 443a B<-> to turn the option off. Only the first four will normally be used. 444 445=over 4 446 447=item B<compat> 448 449use the old format. This is equivalent to specifying no name options at all. 450 451=item B<RFC2253> 452 453displays names compatible with RFC2253 equivalent to B<esc_2253>, B<esc_ctrl>, 454B<esc_msb>, B<utf8>, B<dump_nostr>, B<dump_unknown>, B<dump_der>, 455B<sep_comma_plus>, B<dn_rev> and B<sname>. 456 457=item B<oneline> 458 459a oneline format which is more readable than RFC2253. It is equivalent to 460specifying the B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>, 461B<dump_der>, B<use_quote>, B<sep_comma_plus_space>, B<space_eq> and B<sname> 462options. 463 464=item B<multiline> 465 466a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>, 467B<space_eq>, B<lname> and B<align>. 468 469=item B<esc_2253> 470 471escape the "special" characters required by RFC2253 in a field That is 472B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginning of a string 473and a space character at the beginning or end of a string. 474 475=item B<esc_ctrl> 476 477escape control characters. That is those with ASCII values less than 4780x20 (space) and the delete (0x7f) character. They are escaped using the 479RFC2253 \XX notation (where XX are two hex digits representing the 480character value). 481 482=item B<esc_msb> 483 484escape characters with the MSB set, that is with ASCII values larger than 485127. 486 487=item B<use_quote> 488 489escapes some characters by surrounding the whole string with B<"> characters, 490without the option all escaping is done with the B<\> character. 491 492=item B<utf8> 493 494convert all strings to UTF8 format first. This is required by RFC2253. If 495you are lucky enough to have a UTF8 compatible terminal then the use 496of this option (and B<not> setting B<esc_msb>) may result in the correct 497display of multibyte (international) characters. Is this option is not 498present then multibyte characters larger than 0xff will be represented 499using the format \UXXXX for 16 bits and \WXXXXXXXX for 32 bits. 500Also if this option is off any UTF8Strings will be converted to their 501character form first. 502 503=item B<ignore_type> 504 505this option does not attempt to interpret multibyte characters in any 506way. That is their content octets are merely dumped as though one octet 507represents each character. This is useful for diagnostic purposes but 508will result in rather odd looking output. 509 510=item B<show_type> 511 512show the type of the ASN1 character string. The type precedes the 513field contents. For example "BMPSTRING: Hello World". 514 515=item B<dump_der> 516 517when this option is set any fields that need to be hexdumped will 518be dumped using the DER encoding of the field. Otherwise just the 519content octets will be displayed. Both options use the RFC2253 520B<#XXXX...> format. 521 522=item B<dump_nostr> 523 524dump non character string types (for example OCTET STRING) if this 525option is not set then non character string types will be displayed 526as though each content octet represents a single character. 527 528=item B<dump_all> 529 530dump all fields. This option when used with B<dump_der> allows the 531DER encoding of the structure to be unambiguously determined. 532 533=item B<dump_unknown> 534 535dump any field whose OID is not recognised by OpenSSL. 536 537=item B<sep_comma_plus>, B<sep_comma_plus_space>, B<sep_semi_plus_space>, 538B<sep_multiline> 539 540these options determine the field separators. The first character is 541between RDNs and the second between multiple AVAs (multiple AVAs are 542very rare and their use is discouraged). The options ending in 543"space" additionally place a space after the separator to make it 544more readable. The B<sep_multiline> uses a linefeed character for 545the RDN separator and a spaced B<+> for the AVA separator. It also 546indents the fields by four characters. If no field separator is specified 547then B<sep_comma_plus_space> is used by default. 548 549=item B<dn_rev> 550 551reverse the fields of the DN. This is required by RFC2253. As a side 552effect this also reverses the order of multiple AVAs but this is 553permissible. 554 555=item B<nofname>, B<sname>, B<lname>, B<oid> 556 557these options alter how the field name is displayed. B<nofname> does 558not display the field at all. B<sname> uses the "short name" form 559(CN for commonName for example). B<lname> uses the long form. 560B<oid> represents the OID in numerical form and is useful for 561diagnostic purpose. 562 563=item B<align> 564 565align field values for a more readable output. Only usable with 566B<sep_multiline>. 567 568=item B<space_eq> 569 570places spaces round the B<=> character which follows the field 571name. 572 573=back 574 575=head2 TEXT OPTIONS 576 577As well as customising the name output format, it is also possible to 578customise the actual fields printed using the B<certopt> options when 579the B<text> option is present. The default behaviour is to print all fields. 580 581=over 4 582 583=item B<compatible> 584 585use the old format. This is equivalent to specifying no output options at all. 586 587=item B<no_header> 588 589don't print header information: that is the lines saying "Certificate" and "Data". 590 591=item B<no_version> 592 593don't print out the version number. 594 595=item B<no_serial> 596 597don't print out the serial number. 598 599=item B<no_signame> 600 601don't print out the signature algorithm used. 602 603=item B<no_validity> 604 605don't print the validity, that is the B<notBefore> and B<notAfter> fields. 606 607=item B<no_subject> 608 609don't print out the subject name. 610 611=item B<no_issuer> 612 613don't print out the issuer name. 614 615=item B<no_pubkey> 616 617don't print out the public key. 618 619=item B<no_sigdump> 620 621don't give a hexadecimal dump of the certificate signature. 622 623=item B<no_aux> 624 625don't print out certificate trust information. 626 627=item B<no_extensions> 628 629don't print out any X509V3 extensions. 630 631=item B<ext_default> 632 633retain default extension behaviour: attempt to print out unsupported certificate extensions. 634 635=item B<ext_error> 636 637print an error message for unsupported certificate extensions. 638 639=item B<ext_parse> 640 641ASN1 parse unsupported extensions. 642 643=item B<ext_dump> 644 645hex dump unsupported extensions. 646 647=item B<ca_default> 648 649the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>, 650B<no_header>, and B<no_version>. 651 652=back 653 654=head1 EXAMPLES 655 656Note: in these examples the '\' means the example should be all on one 657line. 658 659Display the contents of a certificate: 660 661 openssl x509 -in cert.pem -noout -text 662 663Display the certificate serial number: 664 665 openssl x509 -in cert.pem -noout -serial 666 667Display the certificate subject name: 668 669 openssl x509 -in cert.pem -noout -subject 670 671Display the certificate subject name in RFC2253 form: 672 673 openssl x509 -in cert.pem -noout -subject -nameopt RFC2253 674 675Display the certificate subject name in oneline form on a terminal 676supporting UTF8: 677 678 openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb 679 680Display the certificate SHA1 fingerprint: 681 682 openssl x509 -sha1 -in cert.pem -noout -fingerprint 683 684Convert a certificate from PEM to DER format: 685 686 openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER 687 688Convert a certificate to a certificate request: 689 690 openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem 691 692Convert a certificate request into a self signed certificate using 693extensions for a CA: 694 695 openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \ 696 -signkey key.pem -out cacert.pem 697 698Sign a certificate request using the CA certificate above and add user 699certificate extensions: 700 701 openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \ 702 -CA cacert.pem -CAkey key.pem -CAcreateserial 703 704 705Set a certificate to be trusted for SSL client use and change set its alias to 706"Steve's Class 1 CA" 707 708 openssl x509 -in cert.pem -addtrust clientAuth \ 709 -setalias "Steve's Class 1 CA" -out trust.pem 710 711=head1 NOTES 712 713The PEM format uses the header and footer lines: 714 715 -----BEGIN CERTIFICATE----- 716 -----END CERTIFICATE----- 717 718it will also handle files containing: 719 720 -----BEGIN X509 CERTIFICATE----- 721 -----END X509 CERTIFICATE----- 722 723Trusted certificates have the lines 724 725 -----BEGIN TRUSTED CERTIFICATE----- 726 -----END TRUSTED CERTIFICATE----- 727 728The conversion to UTF8 format used with the name options assumes that 729T61Strings use the ISO8859-1 character set. This is wrong but Netscape 730and MSIE do this as do many certificates. So although this is incorrect 731it is more likely to display the majority of certificates correctly. 732 733The B<-email> option searches the subject name and the subject alternative 734name extension. Only unique email addresses will be printed out: it will 735not print the same address more than once. 736 737=head1 CERTIFICATE EXTENSIONS 738 739The B<-purpose> option checks the certificate extensions and determines 740what the certificate can be used for. The actual checks done are rather 741complex and include various hacks and workarounds to handle broken 742certificates and software. 743 744The same code is used when verifying untrusted certificates in chains 745so this section is useful if a chain is rejected by the verify code. 746 747The basicConstraints extension CA flag is used to determine whether the 748certificate can be used as a CA. If the CA flag is true then it is a CA, 749if the CA flag is false then it is not a CA. B<All> CAs should have the 750CA flag set to true. 751 752If the basicConstraints extension is absent then the certificate is 753considered to be a "possible CA" other extensions are checked according 754to the intended use of the certificate. A warning is given in this case 755because the certificate should really not be regarded as a CA: however 756it is allowed to be a CA to work around some broken software. 757 758If the certificate is a V1 certificate (and thus has no extensions) and 759it is self signed it is also assumed to be a CA but a warning is again 760given: this is to work around the problem of Verisign roots which are V1 761self signed certificates. 762 763If the keyUsage extension is present then additional restraints are 764made on the uses of the certificate. A CA certificate B<must> have the 765keyCertSign bit set if the keyUsage extension is present. 766 767The extended key usage extension places additional restrictions on the 768certificate uses. If this extension is present (whether critical or not) 769the key can only be used for the purposes specified. 770 771A complete description of each test is given below. The comments about 772basicConstraints and keyUsage and V1 certificates above apply to B<all> 773CA certificates. 774 775 776=over 4 777 778=item B<SSL Client> 779 780The extended key usage extension must be absent or include the "web client 781authentication" OID. keyUsage must be absent or it must have the 782digitalSignature bit set. Netscape certificate type must be absent or it must 783have the SSL client bit set. 784 785=item B<SSL Client CA> 786 787The extended key usage extension must be absent or include the "web client 788authentication" OID. Netscape certificate type must be absent or it must have 789the SSL CA bit set: this is used as a work around if the basicConstraints 790extension is absent. 791 792=item B<SSL Server> 793 794The extended key usage extension must be absent or include the "web server 795authentication" and/or one of the SGC OIDs. keyUsage must be absent or it 796must have the digitalSignature, the keyEncipherment set or both bits set. 797Netscape certificate type must be absent or have the SSL server bit set. 798 799=item B<SSL Server CA> 800 801The extended key usage extension must be absent or include the "web server 802authentication" and/or one of the SGC OIDs. Netscape certificate type must 803be absent or the SSL CA bit must be set: this is used as a work around if the 804basicConstraints extension is absent. 805 806=item B<Netscape SSL Server> 807 808For Netscape SSL clients to connect to an SSL server it must have the 809keyEncipherment bit set if the keyUsage extension is present. This isn't 810always valid because some cipher suites use the key for digital signing. 811Otherwise it is the same as a normal SSL server. 812 813=item B<Common S/MIME Client Tests> 814 815The extended key usage extension must be absent or include the "email 816protection" OID. Netscape certificate type must be absent or should have the 817S/MIME bit set. If the S/MIME bit is not set in netscape certificate type 818then the SSL client bit is tolerated as an alternative but a warning is shown: 819this is because some Verisign certificates don't set the S/MIME bit. 820 821=item B<S/MIME Signing> 822 823In addition to the common S/MIME client tests the digitalSignature bit must 824be set if the keyUsage extension is present. 825 826=item B<S/MIME Encryption> 827 828In addition to the common S/MIME tests the keyEncipherment bit must be set 829if the keyUsage extension is present. 830 831=item B<S/MIME CA> 832 833The extended key usage extension must be absent or include the "email 834protection" OID. Netscape certificate type must be absent or must have the 835S/MIME CA bit set: this is used as a work around if the basicConstraints 836extension is absent. 837 838=item B<CRL Signing> 839 840The keyUsage extension must be absent or it must have the CRL signing bit 841set. 842 843=item B<CRL Signing CA> 844 845The normal CA tests apply. Except in this case the basicConstraints extension 846must be present. 847 848=back 849 850=head1 BUGS 851 852Extensions in certificates are not transferred to certificate requests and 853vice versa. 854 855It is possible to produce invalid certificates or requests by specifying the 856wrong private key or using inconsistent options in some cases: these should 857be checked. 858 859There should be options to explicitly set such things as start and end 860dates rather than an offset from the current time. 861 862The code to implement the verify behaviour described in the B<TRUST SETTINGS> 863is currently being developed. It thus describes the intended behaviour rather 864than the current behaviour. It is hoped that it will represent reality in 865OpenSSL 0.9.5 and later. 866 867=head1 SEE ALSO 868 869L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>, 870L<gendsa(1)|gendsa(1)>, L<verify(1)|verify(1)>, 871L<x509v3_config(5)|x509v3_config(5)> 872 873=head1 HISTORY 874 875Before OpenSSL 0.9.8, the default digest for RSA keys was MD5. 876 877The hash algorithm used in the B<-subject_hash> and B<-issuer_hash> options 878before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding 879of the distinguished name. In OpenSSL 1.0.0 and later it is based on a 880canonical version of the DN using SHA1. This means that any directories using 881the old form must have their links rebuilt using B<c_rehash> or similar. 882 883=cut 884