x509.pod revision 279265
=pod

=head1 NAME

x509 - Certificate display and signing utility

=head1 SYNOPSIS

B<openssl> B<x509>
[B<-inform DER|PEM|NET>]
[B<-outform DER|PEM|NET>]
[B<-keyform DER|PEM>]
[B<-CAform DER|PEM>]
[B<-CAkeyform DER|PEM>]
[B<-in filename>]
[B<-out filename>]
[B<-serial>]
[B<-hash>]
[B<-subject_hash>]
[B<-issuer_hash>]
[B<-ocspid>]
[B<-subject>]
[B<-issuer>]
[B<-nameopt option>]
[B<-email>]
[B<-startdate>]
[B<-enddate>]
[B<-purpose>]
[B<-dates>]
[B<-checkend num>]
[B<-modulus>]
[B<-fingerprint>]
[B<-alias>]
[B<-noout>]
[B<-trustout>]
[B<-clrtrust>]
[B<-clrreject>]
[B<-addtrust arg>]
[B<-addreject arg>]
[B<-setalias arg>]
[B<-days arg>]
[B<-set_serial n>]
[B<-signkey filename>]
[B<-passin arg>]
[B<-x509toreq>]
[B<-req>]
[B<-CA filename>]
[B<-CAkey filename>]
[B<-CAcreateserial>]
[B<-CAserial filename>]
[B<-text>]
[B<-certopt option>]
[B<-C>]
[B<-md2|-md5|-sha1|-mdc2>]
[B<-clrext>]
[B<-extfile filename>]
[B<-extensions section>]
[B<-engine id>]

=head1 DESCRIPTION

The B<x509> command is a multi purpose certificate utility. It can be
used to display certificate information, convert certificates to
various forms, sign certificate requests like a "mini CA" or edit
certificate trust settings.

Since there are a large number of options they are split up into
various sections.

=head1 OPTIONS

=head2 INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS

=over 4

=item B<-inform DER|PEM|NET>

This specifies the input format. Normally the command will expect an X509
certificate but this can change if other options such as B<-req> are
present. The DER format is the DER encoding of the certificate and PEM
is the base64 encoding of the DER encoding with header and footer lines
added. The NET option is an obscure Netscape server format that is now
obsolete.
=item B<-outform DER|PEM|NET>

This specifies the output format; the options have the same meaning as for the
B<-inform> option.

=item B<-in filename>

This specifies the input filename to read a certificate from, or standard input
if this option is not specified.

=item B<-out filename>

This specifies the output filename to write to, or standard output by
default.

=item B<-md2|-md5|-sha1|-mdc2>

the digest to use. This affects any signing or display option that uses a message
digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
specified then SHA1 is used. If the key being used to sign with is a DSA key
then this option has no effect: SHA1 is always used with DSA keys.

=item B<-engine id>

specifying an engine (by its unique B<id> string) will cause B<x509>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.

=back

=head2 DISPLAY OPTIONS

Note: the B<-alias> and B<-purpose> options are also display options
but are described in the B<TRUST SETTINGS> section.

=over 4

=item B<-text>

prints out the certificate in text form. Full details are output including the
public key, signature algorithms, issuer and subject names, serial number,
any extensions present and any trust settings.

=item B<-certopt option>

customise the output format used with B<-text>. The B<option> argument can be
a single option or multiple options separated by commas. The B<-certopt> switch
may also be used more than once to set multiple options. See the B<TEXT OPTIONS>
section for more information.

=item B<-noout>

this option prevents output of the encoded version of the certificate.
=item B<-modulus>

this option prints out the value of the modulus of the public key
contained in the certificate.

=item B<-serial>

outputs the certificate serial number.

=item B<-subject_hash>

outputs the "hash" of the certificate subject name. This is used in OpenSSL to
form an index to allow certificates in a directory to be looked up by subject
name.

=item B<-issuer_hash>

outputs the "hash" of the certificate issuer name.

=item B<-ocspid>

outputs the OCSP hash values for the subject name and public key.

=item B<-hash>

synonym for "-subject_hash" for backward compatibility reasons.

=item B<-subject>

outputs the subject name.

=item B<-issuer>

outputs the issuer name.

=item B<-nameopt option>

option which determines how the subject or issuer names are displayed. The
B<option> argument can be a single option or multiple options separated by
commas. Alternatively the B<-nameopt> switch may be used more than once to
set multiple options. See the B<NAME OPTIONS> section for more information.

=item B<-email>

outputs the email address(es) if any.

=item B<-startdate>

prints out the start date of the certificate, that is the notBefore date.

=item B<-enddate>

prints out the expiry date of the certificate, that is the notAfter date.

=item B<-dates>

prints out the start and expiry dates of a certificate.

=item B<-checkend arg>

checks if the certificate expires within the next B<arg> seconds and exits
non-zero if it will expire, or zero if not.

=item B<-fingerprint>

prints out the digest of the DER encoded version of the whole certificate
(see digest options).

=item B<-C>

this outputs the certificate in the form of a C source file.
=back

=head2 TRUST SETTINGS

Please note these options are currently experimental and may well change.

A B<trusted certificate> is an ordinary certificate which has several
additional pieces of information attached to it such as the permitted
and prohibited uses of the certificate and an "alias".

Normally when a certificate is being verified at least one certificate
must be "trusted". By default a trusted certificate must be stored
locally and must be a root CA: any certificate chain ending in this CA
is then usable for any purpose.

Trust settings currently are only used with a root CA. They allow a finer
control over the purposes the root CA can be used for. For example a CA
may be trusted for SSL client but not SSL server use.

See the description of the B<verify> utility for more information on the
meaning of trust settings.

Future versions of OpenSSL will recognize trust settings on any
certificate: not just root CAs.

=over 4

=item B<-trustout>

this causes B<x509> to output a B<trusted> certificate. An ordinary
or trusted certificate can be input but by default an ordinary
certificate is output and any trust settings are discarded. With the
B<-trustout> option a trusted certificate is output. A trusted
certificate is automatically output if any trust settings are modified.

=item B<-setalias arg>

sets the alias of the certificate. This will allow the certificate
to be referred to using a nickname, for example "Steve's Certificate".

=item B<-alias>

outputs the certificate alias, if any.

=item B<-clrtrust>

clears all the permitted or trusted uses of the certificate.

=item B<-clrreject>

clears all the prohibited or rejected uses of the certificate.

=item B<-addtrust arg>

adds a trusted certificate use.
Any object name can be used here
but currently only B<clientAuth> (SSL client use), B<serverAuth>
(SSL server use) and B<emailProtection> (S/MIME email) are used.
Other OpenSSL applications may define additional uses.

=item B<-addreject arg>

adds a prohibited use. It accepts the same values as the B<-addtrust>
option.

=item B<-purpose>

this option performs tests on the certificate extensions and outputs
the results. For a more complete description see the B<CERTIFICATE
EXTENSIONS> section.

=back

=head2 SIGNING OPTIONS

The B<x509> utility can be used to sign certificates and requests: it
can thus behave like a "mini CA".

=over 4

=item B<-signkey filename>

this option causes the input file to be self signed using the supplied
private key.

If the input file is a certificate it sets the issuer name to the
subject name (i.e. makes it self signed), changes the public key to the
supplied value and changes the start and end dates. The start date is
set to the current time and the end date is set to a value determined
by the B<-days> option. Any certificate extensions are retained unless
the B<-clrext> option is supplied.

If the input is a certificate request then a self signed certificate
is created using the supplied private key using the subject name in
the request.

=item B<-passin arg>

the key password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.

=item B<-clrext>

delete any extensions from a certificate. This option is used when a
certificate is being created from another certificate (for example with
the B<-signkey> or the B<-CA> options). Normally all extensions are
retained.

=item B<-keyform PEM|DER>

specifies the format (DER or PEM) of the private key file used in the
B<-signkey> option.
=item B<-days arg>

specifies the number of days to make a certificate valid for. The default
is 30 days.

=item B<-x509toreq>

converts a certificate into a certificate request. The B<-signkey> option
is used to pass the required private key.

=item B<-req>

by default a certificate is expected on input. With this option a
certificate request is expected instead.

=item B<-set_serial n>

specifies the serial number to use. This option can be used with either
the B<-signkey> or B<-CA> options. If used in conjunction with the B<-CA>
option the serial number file (as specified by the B<-CAserial> or
B<-CAcreateserial> options) is not used.

The serial number can be decimal or hex (if preceded by B<0x>). Negative
serial numbers can also be specified but their use is not recommended.

=item B<-CA filename>

specifies the CA certificate to be used for signing. When this option is
present B<x509> behaves like a "mini CA". The input file is signed by this
CA using this option: that is, its issuer name is set to the subject name
of the CA and it is digitally signed using the CA's private key.

This option is normally combined with the B<-req> option. Without the
B<-req> option the input is a certificate which must be self signed.

=item B<-CAkey filename>

sets the CA private key to sign a certificate with. If this option is
not specified then it is assumed that the CA private key is present in
the CA certificate file.

=item B<-CAserial filename>

sets the CA serial number file to use.

When the B<-CA> option is used to sign a certificate it uses a serial
number specified in a file. This file consists of one line containing
an even number of hex digits with the serial number to use. After each
use the serial number is incremented and written out to the file again.
The default filename consists of the CA certificate file base name with
".srl" appended. For example if the CA certificate file is called
"mycacert.pem" it expects to find a serial number file called "mycacert.srl".

=item B<-CAcreateserial>

with this option the CA serial number file is created if it does not exist:
it will contain the serial number "02" and the certificate being signed will
have 1 as its serial number. Normally if the B<-CA> option is specified
and the serial number file does not exist it is an error.

=item B<-extfile filename>

file containing certificate extensions to use. If not specified then
no extensions are added to the certificate.

=item B<-extensions section>

the section to add certificate extensions from. If this option is not
specified then the extensions should either be contained in the unnamed
(default) section or the default section should contain a variable called
"extensions" which contains the section to use.

=back

=head2 NAME OPTIONS

The B<nameopt> command line switch determines how the subject and issuer
names are displayed. If no B<nameopt> switch is present the default "oneline"
format is used which is compatible with previous versions of OpenSSL.
Each option is described in detail below; all options can be preceded by
a B<-> to turn the option off. Only the first four will normally be used.

=over 4

=item B<compat>

use the old format. This is equivalent to specifying no name options at all.

=item B<RFC2253>

displays names compatible with RFC2253, equivalent to B<esc_2253>, B<esc_ctrl>,
B<esc_msb>, B<utf8>, B<dump_nostr>, B<dump_unknown>, B<dump_der>,
B<sep_comma_plus>, B<dn_rev> and B<sname>.

=item B<oneline>

a oneline format which is more readable than RFC2253.
It is equivalent to
specifying the B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>,
B<dump_der>, B<use_quote>, B<sep_comma_plus_space>, B<space_eq> and B<sname>
options.

=item B<multiline>

a multiline format. It is equivalent to B<esc_ctrl>, B<esc_msb>, B<sep_multiline>,
B<space_eq>, B<lname> and B<align>.

=item B<esc_2253>

escape the "special" characters required by RFC2253 in a field. That is
B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginning of a string
and a space character at the beginning or end of a string.

=item B<esc_ctrl>

escape control characters. That is those with ASCII values less than
0x20 (space) and the delete (0x7f) character. They are escaped using the
RFC2253 \XX notation (where XX are two hex digits representing the
character value).

=item B<esc_msb>

escape characters with the MSB set, that is with ASCII values larger than
127.

=item B<use_quote>

escapes some characters by surrounding the whole string with B<"> characters;
without the option all escaping is done with the B<\> character.

=item B<utf8>

convert all strings to UTF8 format first. This is required by RFC2253. If
you are lucky enough to have a UTF8 compatible terminal then the use
of this option (and B<not> setting B<esc_msb>) may result in the correct
display of multibyte (international) characters. If this option is not
present then multibyte characters larger than 0xff will be represented
using the format \UXXXX for 16 bits and \WXXXXXXXX for 32 bits.
Also if this option is off any UTF8Strings will be converted to their
character form first.

=item B<ignore_type>

this option does not attempt to interpret multibyte characters in any
way. That is their content octets are merely dumped as though one octet
represents each character.
This is useful for diagnostic purposes but
will result in rather odd looking output.

=item B<show_type>

show the type of the ASN1 character string. The type precedes the
field contents. For example "BMPSTRING: Hello World".

=item B<dump_der>

when this option is set any fields that need to be hexdumped will
be dumped using the DER encoding of the field. Otherwise just the
content octets will be displayed. Both options use the RFC2253
B<#XXXX...> format.

=item B<dump_nostr>

dump non character string types (for example OCTET STRING). If this
option is not set then non character string types will be displayed
as though each content octet represents a single character.

=item B<dump_all>

dump all fields. This option when used with B<dump_der> allows the
DER encoding of the structure to be unambiguously determined.

=item B<dump_unknown>

dump any field whose OID is not recognised by OpenSSL.

=item B<sep_comma_plus>, B<sep_comma_plus_space>, B<sep_semi_plus_space>,
B<sep_multiline>

these options determine the field separators. The first character is
between RDNs and the second between multiple AVAs (multiple AVAs are
very rare and their use is discouraged). The options ending in
"space" additionally place a space after the separator to make it
more readable. B<sep_multiline> uses a linefeed character for
the RDN separator and a spaced B<+> for the AVA separator. It also
indents the fields by four characters.

=item B<dn_rev>

reverse the fields of the DN. This is required by RFC2253. As a side
effect this also reverses the order of multiple AVAs but this is
permissible.

=item B<nofname>, B<sname>, B<lname>, B<oid>

these options alter how the field name is displayed. B<nofname> does
not display the field at all. B<sname> uses the "short name" form
(CN for commonName for example). B<lname> uses the long form.
B<oid> represents the OID in numerical form and is useful for
diagnostic purposes.

=item B<align>

align field values for a more readable output. Only usable with
B<sep_multiline>.

=item B<space_eq>

places spaces round the B<=> character which follows the field
name.

=back

=head2 TEXT OPTIONS

As well as customising the name output format, it is also possible to
customise the actual fields printed using the B<certopt> options when
the B<text> option is present. The default behaviour is to print all fields.

=over 4

=item B<compatible>

use the old format. This is equivalent to specifying no output options at all.

=item B<no_header>

don't print header information: that is the lines saying "Certificate" and "Data".

=item B<no_version>

don't print out the version number.

=item B<no_serial>

don't print out the serial number.

=item B<no_signame>

don't print out the signature algorithm used.

=item B<no_validity>

don't print the validity, that is the B<notBefore> and B<notAfter> fields.

=item B<no_subject>

don't print out the subject name.

=item B<no_issuer>

don't print out the issuer name.

=item B<no_pubkey>

don't print out the public key.

=item B<no_sigdump>

don't give a hexadecimal dump of the certificate signature.

=item B<no_aux>

don't print out certificate trust information.

=item B<no_extensions>

don't print out any X509V3 extensions.

=item B<ext_default>

retain default extension behaviour: attempt to print out unsupported certificate extensions.

=item B<ext_error>

print an error message for unsupported certificate extensions.

=item B<ext_parse>

ASN1 parse unsupported extensions.

=item B<ext_dump>

hex dump unsupported extensions.
=item B<ca_default>

the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>, B<no_header>,
B<no_version>, B<no_sigdump> and B<no_signame>.

=back

=head1 EXAMPLES

Note: in these examples the '\' means the example should be all on one
line.

Display the contents of a certificate:

 openssl x509 -in cert.pem -noout -text

Display the certificate serial number:

 openssl x509 -in cert.pem -noout -serial

Display the certificate subject name:

 openssl x509 -in cert.pem -noout -subject

Display the certificate subject name in RFC2253 form:

 openssl x509 -in cert.pem -noout -subject -nameopt RFC2253

Display the certificate subject name in oneline form on a terminal
supporting UTF8:

 openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb

Display the certificate MD5 fingerprint:

 openssl x509 -in cert.pem -noout -fingerprint

Display the certificate SHA1 fingerprint:

 openssl x509 -sha1 -in cert.pem -noout -fingerprint

Convert a certificate from PEM to DER format:

 openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER

Convert a certificate to a certificate request:

 openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem

Convert a certificate request into a self signed certificate using
extensions for a CA:

 openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \
 -signkey key.pem -out cacert.pem

Sign a certificate request using the CA certificate above and add user
certificate extensions:

 openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \
 -CA cacert.pem -CAkey key.pem -CAcreateserial

Set a certificate to be trusted for SSL client use and set its alias to
"Steve's Class 1 CA":

 openssl x509 -in cert.pem -addtrust clientAuth \
 -setalias "Steve's Class 1 CA" -out trust.pem

=head1 NOTES

The PEM format uses the header and footer lines:

 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----

it will also handle files containing:

 -----BEGIN X509 CERTIFICATE-----
 -----END X509 CERTIFICATE-----

Trusted certificates have the lines

 -----BEGIN TRUSTED CERTIFICATE-----
 -----END TRUSTED CERTIFICATE-----

The conversion to UTF8 format used with the name options assumes that
T61Strings use the ISO8859-1 character set. This is wrong but Netscape
and MSIE do this as do many certificates. So although this is incorrect
it is more likely to display the majority of certificates correctly.

The B<-fingerprint> option takes the digest of the DER encoded certificate.
This is commonly called a "fingerprint". Because of the nature of message
digests the fingerprint of a certificate is unique to that certificate and
two certificates with the same fingerprint can be considered to be the same.

The Netscape fingerprint uses MD5 whereas MSIE uses SHA1.

The B<-email> option searches the subject name and the subject alternative
name extension. Only unique email addresses will be printed out: it will
not print the same address more than once.

=head1 CERTIFICATE EXTENSIONS

The B<-purpose> option checks the certificate extensions and determines
what the certificate can be used for. The actual checks done are rather
complex and include various hacks and workarounds to handle broken
certificates and software.

The same code is used when verifying untrusted certificates in chains
so this section is useful if a chain is rejected by the verify code.

The basicConstraints extension CA flag is used to determine whether the
certificate can be used as a CA. If the CA flag is true then it is a CA,
if the CA flag is false then it is not a CA. B<All> CAs should have the
CA flag set to true.
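The PEM framings listed under NOTES above and the B<-fingerprint> computation (a digest over the DER bytes, SHA1 unless a digest option says otherwise), as an added Python example that is not part of this manual page or of OpenSSL; the sample body is constructed bytes, not a real certificate.

```python
"""Added example, not part of this manual page or of OpenSSL: reads the
PEM framings listed under NOTES and computes the -fingerprint value, i.e. a
digest over the DER bytes, in the colon-separated form openssl prints."""
import base64
import hashlib
import re

# Labels the x509 command accepts, per the NOTES section.
PEM_LABELS = ("CERTIFICATE", "X509 CERTIFICATE", "TRUSTED CERTIFICATE")

_PEM_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\s*(?P<body>.*?)\s*"
    r"-----END (?P=label)-----", re.S)


def pem_to_der(text):
    """Return (label, der) for the first acceptable PEM block in text.
    A BEGIN/END label mismatch, an unknown label or a bad base64 body is an
    error rather than something silently decoded.  A TRUSTED CERTIFICATE
    body also carries the trust settings after the certificate, so its
    digest is not the certificate's own fingerprint."""
    m = _PEM_RE.search(text)
    if m is None:
        raise ValueError("no PEM certificate block found")
    label = m.group("label")
    if label not in PEM_LABELS:
        raise ValueError("unsupported PEM label: " + label)
    body = "".join(m.group("body").split())      # drop line breaks
    return label, base64.b64decode(body, validate=True)


def der_to_pem(der, label="CERTIFICATE"):
    """Inverse of pem_to_der: header, base64 body in 64-column lines, footer."""
    if label not in PEM_LABELS:
        raise ValueError("unsupported PEM label: " + label)
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN %s-----" % label] + lines
                     + ["-----END %s-----" % label]) + "\n"


def fingerprint(der, digest="sha1"):
    """Digest of the DER encoding as upper-case hex octets joined by colons.
    MD5 (the Netscape style value) is collision-prone and should not be used
    to decide that two certificates are the same."""
    h = hashlib.new(digest, der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def fingerprint_from_pem(text, digest="sha1"):
    """What 'openssl x509 -fingerprint' reports for a PEM file."""
    _, der = pem_to_der(text)
    return fingerprint(der, digest)


# Constructed sample: three arbitrary bytes wrapped as PEM, not a real certificate.
SAMPLE_DER = b"abc"
SAMPLE_PEM = der_to_pem(SAMPLE_DER, "TRUSTED CERTIFICATE")

if __name__ == "__main__":
    print(SAMPLE_PEM, end="")
    print("SHA1 Fingerprint=" + fingerprint_from_pem(SAMPLE_PEM))
```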
If the basicConstraints extension is absent then the certificate is
considered to be a "possible CA"; other extensions are checked according
to the intended use of the certificate. A warning is given in this case
because the certificate should really not be regarded as a CA: however
it is allowed to be a CA to work around some broken software.

If the certificate is a V1 certificate (and thus has no extensions) and
it is self signed it is also assumed to be a CA but a warning is again
given: this is to work around the problem of Verisign roots which are V1
self signed certificates.

If the keyUsage extension is present then additional restrictions are
placed on the uses of the certificate. A CA certificate B<must> have the
keyCertSign bit set if the keyUsage extension is present.

The extended key usage extension places additional restrictions on the
certificate uses. If this extension is present (whether critical or not)
the key can only be used for the purposes specified.

A complete description of each test is given below. The comments about
basicConstraints and keyUsage and V1 certificates above apply to B<all>
CA certificates.

=over 4

=item B<SSL Client>

The extended key usage extension must be absent or include the "web client
authentication" OID. keyUsage must be absent or it must have the
digitalSignature bit set. Netscape certificate type must be absent or it must
have the SSL client bit set.

=item B<SSL Client CA>

The extended key usage extension must be absent or include the "web client
authentication" OID. Netscape certificate type must be absent or it must have
the SSL CA bit set: this is used as a work around if the basicConstraints
extension is absent.

=item B<SSL Server>

The extended key usage extension must be absent or include the "web server
authentication" and/or one of the SGC OIDs.
keyUsage must be absent or it
must have the digitalSignature bit, the keyEncipherment bit or both set.
Netscape certificate type must be absent or have the SSL server bit set.

=item B<SSL Server CA>

The extended key usage extension must be absent or include the "web server
authentication" and/or one of the SGC OIDs. Netscape certificate type must
be absent or the SSL CA bit must be set: this is used as a work around if the
basicConstraints extension is absent.

=item B<Netscape SSL Server>

For Netscape SSL clients to connect to an SSL server it must have the
keyEncipherment bit set if the keyUsage extension is present. This isn't
always valid because some cipher suites use the key for digital signing.
Otherwise it is the same as a normal SSL server.

=item B<Common S/MIME Client Tests>

The extended key usage extension must be absent or include the "email
protection" OID. Netscape certificate type must be absent or should have the
S/MIME bit set. If the S/MIME bit is not set in netscape certificate type
then the SSL client bit is tolerated as an alternative but a warning is shown:
this is because some Verisign certificates don't set the S/MIME bit.

=item B<S/MIME Signing>

In addition to the common S/MIME client tests the digitalSignature bit must
be set if the keyUsage extension is present.

=item B<S/MIME Encryption>

In addition to the common S/MIME tests the keyEncipherment bit must be set
if the keyUsage extension is present.

=item B<S/MIME CA>

The extended key usage extension must be absent or include the "email
protection" OID. Netscape certificate type must be absent or must have the
S/MIME CA bit set: this is used as a work around if the basicConstraints
extension is absent.

=item B<CRL Signing>

The keyUsage extension must be absent or it must have the CRL signing bit
set.
=item B<CRL Signing CA>

The normal CA tests apply, except that in this case the basicConstraints
extension must be present.

=back

=head1 BUGS

Extensions in certificates are not transferred to certificate requests and
vice versa.

It is possible to produce invalid certificates or requests by specifying the
wrong private key or using inconsistent options in some cases: these should
be checked.

There should be options to explicitly set such things as start and end
dates rather than an offset from the current time.

The code to implement the verify behaviour described in the B<TRUST SETTINGS>
section is currently being developed. It thus describes the intended behaviour
rather than the current behaviour. It is hoped that it will represent reality in
OpenSSL 0.9.5 and later.

=head1 SEE ALSO

L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>,
L<gendsa(1)|gendsa(1)>, L<verify(1)|verify(1)>

=head1 HISTORY

Before OpenSSL 0.9.8, the default digest for RSA keys was MD5.

=cut
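The B<-purpose> decision rules from the CERTIFICATE EXTENSIONS section above, modelled in Python as an added example that is not OpenSSL's code and not taken from this manual page: first the CA determination with its basicConstraints, keyUsage and V1 workarounds, then each listed purpose. The dict representation of a certificate and the bit and OID labels (keyCertSign, serverAuth, sgc, sslCA and so on) are assumptions made for the example.

```python
"""Added example, not OpenSSL's own code: a model of the -purpose tests from
the CERTIFICATE EXTENSIONS section.  A certificate is a dict of already parsed
extension values; an absent extension is a missing key.  The bit and OID
labels (keyCertSign, serverAuth, sgc, sslCA, ...) are assumed names."""


def ca_status(cert):
    """CA rules applied before every '... CA' purpose test.
    Returns (is_ca, warning); warning marks the tolerated broken cases."""
    bc = cert.get("basic_constraints")  # True, False, or None when absent
    ku = cert.get("key_usage")          # set of keyUsage bit names, or None
    warning = None
    if bc is None:
        if cert.get("version") == 1 and cert.get("self_signed"):
            warning = "V1 self signed certificate assumed to be a CA"
        else:
            warning = "basicConstraints absent: treated as a possible CA"
        is_ca = True
    else:
        is_ca = bool(bc)
    # Any CA must have keyCertSign whenever keyUsage is present.
    if is_ca and ku is not None and "keyCertSign" not in ku:
        return False, "keyUsage present without keyCertSign"
    return is_ca, warning


def _absent_or_has(ext, *wanted):
    """The rule shape every test uses: extension absent, or has one of wanted."""
    return ext is None or any(w in ext for w in wanted)


def check_purpose(cert, purpose, ca=False):
    """Return (ok, warning) for purpose in sslclient, sslserver, nssslserver,
    smimesign, smimeencrypt or crlsign; ca=True runs the '... CA' variant."""
    eku = cert.get("ext_key_usage")  # extended key usage names, or None
    ku = cert.get("key_usage")
    ns = cert.get("ns_cert_type")    # Netscape certificate type bits, or None
    if ca:
        is_ca, warning = ca_status(cert)
        if not is_ca:
            return False, warning
        if purpose == "crlsign":     # CRL Signing CA: basicConstraints required
            return cert.get("basic_constraints") is not None, warning
        if purpose == "sslclient":
            ok = _absent_or_has(eku, "clientAuth") and _absent_or_has(ns, "sslCA")
        elif purpose in ("sslserver", "nssslserver"):
            ok = _absent_or_has(eku, "serverAuth", "sgc") and _absent_or_has(ns, "sslCA")
        elif purpose in ("smimesign", "smimeencrypt"):
            ok = _absent_or_has(eku, "emailProtection") and _absent_or_has(ns, "smimeCA")
        else:
            raise ValueError("unknown purpose: " + purpose)
        return ok, warning
    if purpose == "sslclient":
        return (_absent_or_has(eku, "clientAuth")
                and _absent_or_has(ku, "digitalSignature")
                and _absent_or_has(ns, "client")), None
    if purpose in ("sslserver", "nssslserver"):
        ok = (_absent_or_has(eku, "serverAuth", "sgc")
              and _absent_or_has(ku, "digitalSignature", "keyEncipherment")
              and _absent_or_has(ns, "server"))
        if purpose == "nssslserver":  # Netscape clients also need keyEncipherment
            ok = ok and _absent_or_has(ku, "keyEncipherment")
        return ok, None
    if purpose in ("smimesign", "smimeencrypt"):
        if not _absent_or_has(eku, "emailProtection"):
            return False, None
        warning = None
        if ns is not None and "smime" not in ns:
            if "client" not in ns:
                return False, None
            warning = "S/MIME bit not set in Netscape cert type; SSL client bit tolerated"
        bit = "digitalSignature" if purpose == "smimesign" else "keyEncipherment"
        return _absent_or_has(ku, bit), warning
    if purpose == "crlsign":
        return _absent_or_has(ku, "cRLSign"), None
    raise ValueError("unknown purpose: " + purpose)


# Constructed samples, not real certificates.
SAMPLE_ROOT_CA = {"version": 3, "self_signed": True, "basic_constraints": True,
                  "key_usage": {"keyCertSign", "cRLSign"}}
SAMPLE_SERVER = {"version": 3, "basic_constraints": False, "ext_key_usage": {"serverAuth"},
                 "key_usage": {"digitalSignature", "keyEncipherment"}}
SAMPLE_V1_ROOT = {"version": 1, "self_signed": True}
SAMPLE_SMIME = {"version": 3, "basic_constraints": False, "key_usage": {"digitalSignature"},
                "ext_key_usage": {"emailProtection"}, "ns_cert_type": {"client"}}
```

Running `check_purpose(SAMPLE_V1_ROOT, "sslclient", ca=True)` accepts the V1 self signed root with the warning the manual describes, while the same certificate fails the CRL Signing CA test because basicConstraints is absent.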