1 2=pod 3 4=head1 NAME 5 6x509 - Certificate display and signing utility 7 8=head1 SYNOPSIS 9 10B<openssl> B<x509> 11[B<-inform DER|PEM|NET>] 12[B<-outform DER|PEM|NET>] 13[B<-keyform DER|PEM>] 14[B<-CAform DER|PEM>] 15[B<-CAkeyform DER|PEM>] 16[B<-in filename>] 17[B<-out filename>] 18[B<-serial>] 19[B<-hash>] 20[B<-subject_hash>] 21[B<-issuer_hash>] 22[B<-ocspid>] 23[B<-subject>] 24[B<-issuer>] 25[B<-nameopt option>] 26[B<-email>] 27[B<-ocsp_uri>] 28[B<-startdate>] 29[B<-enddate>] 30[B<-purpose>] 31[B<-dates>] 32[B<-checkend num>] 33[B<-modulus>] 34[B<-pubkey>] 35[B<-fingerprint>] 36[B<-alias>] 37[B<-noout>] 38[B<-trustout>] 39[B<-clrtrust>] 40[B<-clrreject>] 41[B<-addtrust arg>] 42[B<-addreject arg>] 43[B<-setalias arg>] 44[B<-days arg>] 45[B<-set_serial n>] 46[B<-signkey filename>] 47[B<-passin arg>] 48[B<-x509toreq>] 49[B<-req>] 50[B<-CA filename>] 51[B<-CAkey filename>] 52[B<-CAcreateserial>] 53[B<-CAserial filename>] 54[B<-force_pubkey key>] 55[B<-text>] 56[B<-certopt option>] 57[B<-C>] 58[B<-md2|-md5|-sha1|-mdc2>] 59[B<-clrext>] 60[B<-extfile filename>] 61[B<-extensions section>] 62[B<-engine id>] 63 64=head1 DESCRIPTION 65 66The B<x509> command is a multi purpose certificate utility. It can be 67used to display certificate information, convert certificates to 68various forms, sign certificate requests like a "mini CA" or edit 69certificate trust settings. 70 71Since there are a large number of options they will split up into 72various sections. 73 74=head1 OPTIONS 75 76=head2 INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS 77 78=over 4 79 80=item B<-inform DER|PEM|NET> 81 82This specifies the input format normally the command will expect an X509 83certificate but this can change if other options such as B<-req> are 84present. The DER format is the DER encoding of the certificate and PEM 85is the base64 encoding of the DER encoding with header and footer lines 86added. The NET option is an obscure Netscape server format that is now 87obsolete. 88 89=item B<-outform DER|PEM|NET> 90 91This specifies the output format, the options have the same meaning as the 92B<-inform> option. 93 94=item B<-in filename> 95 96This specifies the input filename to read a certificate from or standard input 97if this option is not specified. 98 99=item B<-out filename> 100 101This specifies the output filename to write to or standard output by 102default. 103 104=item B<-md2|-md5|-sha1|-mdc2> 105 106the digest to use. This affects any signing or display option that uses a message 107digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not 108specified then SHA1 is used. If the key being used to sign with is a DSA key 109then this option has no effect: SHA1 is always used with DSA keys. 110 111=item B<-engine id> 112 113specifying an engine (by its unique B<id> string) will cause B<x509> 114to attempt to obtain a functional reference to the specified engine, 115thus initialising it if needed. The engine will then be set as the default 116for all available algorithms. 117 118=back 119 120=head2 DISPLAY OPTIONS 121 122Note: the B<-alias> and B<-purpose> options are also display options 123but are described in the B<TRUST SETTINGS> section. 124 125=over 4 126 127=item B<-text> 128 129prints out the certificate in text form. Full details are output including the 130public key, signature algorithms, issuer and subject names, serial number 131any extensions present and any trust settings. 132 133=item B<-certopt option> 134 135customise the output format used with B<-text>. The B<option> argument can be 136a single option or multiple options separated by commas. The B<-certopt> switch 137may be also be used more than once to set multiple options. See the B<TEXT OPTIONS> 138section for more information. 139 140=item B<-noout> 141 142this option prevents output of the encoded version of the request. 143 144=item B<-pubkey> 145 146outputs the the certificate's SubjectPublicKeyInfo block in PEM format. 147 148=item B<-modulus> 149 150this option prints out the value of the modulus of the public key 151contained in the certificate. 152 153=item B<-serial> 154 155outputs the certificate serial number. 156 157=item B<-subject_hash> 158 159outputs the "hash" of the certificate subject name. This is used in OpenSSL to 160form an index to allow certificates in a directory to be looked up by subject 161name. 162 163=item B<-issuer_hash> 164 165outputs the "hash" of the certificate issuer name. 166 167=item B<-ocspid> 168 169outputs the OCSP hash values for the subject name and public key. 170 171=item B<-hash> 172 173synonym for "-subject_hash" for backward compatibility reasons. 174 175=item B<-subject_hash_old> 176 177outputs the "hash" of the certificate subject name using the older algorithm 178as used by OpenSSL versions before 1.0.0. 179 180=item B<-issuer_hash_old> 181 182outputs the "hash" of the certificate issuer name using the older algorithm 183as used by OpenSSL versions before 1.0.0. 184 185=item B<-subject> 186 187outputs the subject name. 188 189=item B<-issuer> 190 191outputs the issuer name. 192 193=item B<-nameopt option> 194 195option which determines how the subject or issuer names are displayed. The 196B<option> argument can be a single option or multiple options separated by 197commas. Alternatively the B<-nameopt> switch may be used more than once to 198set multiple options. See the B<NAME OPTIONS> section for more information. 199 200=item B<-email> 201 202outputs the email address(es) if any. 203 204=item B<-ocsp_uri> 205 206outputs the OCSP responder address(es) if any. 207 208=item B<-startdate> 209 210prints out the start date of the certificate, that is the notBefore date. 211 212=item B<-enddate> 213 214prints out the expiry date of the certificate, that is the notAfter date. 215 216=item B<-dates> 217 218prints out the start and expiry dates of a certificate. 219 220=item B<-checkend arg> 221 222checks if the certificate expires within the next B<arg> seconds and exits 223non-zero if yes it will expire or zero if not. 224 225=item B<-fingerprint> 226 227prints out the digest of the DER encoded version of the whole certificate 228(see digest options). 229 230=item B<-C> 231 232this outputs the certificate in the form of a C source file. 233 234=back 235 236=head2 TRUST SETTINGS 237 238Please note these options are currently experimental and may well change. 239 240A B<trusted certificate> is an ordinary certificate which has several 241additional pieces of information attached to it such as the permitted 242and prohibited uses of the certificate and an "alias". 243 244Normally when a certificate is being verified at least one certificate 245must be "trusted". By default a trusted certificate must be stored 246locally and must be a root CA: any certificate chain ending in this CA 247is then usable for any purpose. 248 249Trust settings currently are only used with a root CA. They allow a finer 250control over the purposes the root CA can be used for. For example a CA 251may be trusted for SSL client but not SSL server use. 252 253See the description of the B<verify> utility for more information on the 254meaning of trust settings. 255 256Future versions of OpenSSL will recognize trust settings on any 257certificate: not just root CAs. 258 259 260=over 4 261 262=item B<-trustout> 263 264this causes B<x509> to output a B<trusted> certificate. An ordinary 265or trusted certificate can be input but by default an ordinary 266certificate is output and any trust settings are discarded. With the 267B<-trustout> option a trusted certificate is output. A trusted 268certificate is automatically output if any trust settings are modified. 269 270=item B<-setalias arg> 271 272sets the alias of the certificate. This will allow the certificate 273to be referred to using a nickname for example "Steve's Certificate". 274 275=item B<-alias> 276 277outputs the certificate alias, if any. 278 279=item B<-clrtrust> 280 281clears all the permitted or trusted uses of the certificate. 282 283=item B<-clrreject> 284 285clears all the prohibited or rejected uses of the certificate. 286 287=item B<-addtrust arg> 288 289adds a trusted certificate use. Any object name can be used here 290but currently only B<clientAuth> (SSL client use), B<serverAuth> 291(SSL server use) and B<emailProtection> (S/MIME email) are used. 292Other OpenSSL applications may define additional uses. 293 294=item B<-addreject arg> 295 296adds a prohibited use. It accepts the same values as the B<-addtrust> 297option. 298 299=item B<-purpose> 300 301this option performs tests on the certificate extensions and outputs 302the results. For a more complete description see the B<CERTIFICATE 303EXTENSIONS> section. 304 305=back 306 307=head2 SIGNING OPTIONS 308 309The B<x509> utility can be used to sign certificates and requests: it 310can thus behave like a "mini CA". 311 312=over 4 313 314=item B<-signkey filename> 315 316this option causes the input file to be self signed using the supplied 317private key. 318 319If the input file is a certificate it sets the issuer name to the 320subject name (i.e. makes it self signed) changes the public key to the 321supplied value and changes the start and end dates. The start date is 322set to the current time and the end date is set to a value determined 323by the B<-days> option. Any certificate extensions are retained unless 324the B<-clrext> option is supplied. 325 326If the input is a certificate request then a self signed certificate 327is created using the supplied private key using the subject name in 328the request. 329 330=item B<-passin arg> 331 332the key password source. For more information about the format of B<arg> 333see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 334 335=item B<-clrext> 336 337delete any extensions from a certificate. This option is used when a 338certificate is being created from another certificate (for example with 339the B<-signkey> or the B<-CA> options). Normally all extensions are 340retained. 341 342=item B<-keyform PEM|DER> 343 344specifies the format (DER or PEM) of the private key file used in the 345B<-signkey> option. 346 347=item B<-days arg> 348 349specifies the number of days to make a certificate valid for. The default 350is 30 days. 351 352=item B<-x509toreq> 353 354converts a certificate into a certificate request. The B<-signkey> option 355is used to pass the required private key. 356 357=item B<-req> 358 359by default a certificate is expected on input. With this option a 360certificate request is expected instead. 361 362=item B<-set_serial n> 363 364specifies the serial number to use. This option can be used with either 365the B<-signkey> or B<-CA> options. If used in conjunction with the B<-CA> 366option the serial number file (as specified by the B<-CAserial> or 367B<-CAcreateserial> options) is not used. 368 369The serial number can be decimal or hex (if preceded by B<0x>). Negative 370serial numbers can also be specified but their use is not recommended. 371 372=item B<-CA filename> 373 374specifies the CA certificate to be used for signing. When this option is 375present B<x509> behaves like a "mini CA". The input file is signed by this 376CA using this option: that is its issuer name is set to the subject name 377of the CA and it is digitally signed using the CAs private key. 378 379This option is normally combined with the B<-req> option. Without the 380B<-req> option the input is a certificate which must be self signed. 381 382=item B<-CAkey filename> 383 384sets the CA private key to sign a certificate with. If this option is 385not specified then it is assumed that the CA private key is present in 386the CA certificate file. 387 388=item B<-CAserial filename> 389 390sets the CA serial number file to use. 391 392When the B<-CA> option is used to sign a certificate it uses a serial 393number specified in a file. This file consist of one line containing 394an even number of hex digits with the serial number to use. After each 395use the serial number is incremented and written out to the file again. 396 397The default filename consists of the CA certificate file base name with 398".srl" appended. For example if the CA certificate file is called 399"mycacert.pem" it expects to find a serial number file called "mycacert.srl". 400 401=item B<-CAcreateserial> 402 403with this option the CA serial number file is created if it does not exist: 404it will contain the serial number "02" and the certificate being signed will 405have the 1 as its serial number. Normally if the B<-CA> option is specified 406and the serial number file does not exist it is an error. 407 408=item B<-extfile filename> 409 410file containing certificate extensions to use. If not specified then 411no extensions are added to the certificate. 412 413=item B<-extensions section> 414 415the section to add certificate extensions from. If this option is not 416specified then the extensions should either be contained in the unnamed 417(default) section or the default section should contain a variable called 418"extensions" which contains the section to use. See the 419L<x509v3_config(5)|x509v3_config(5)> manual page for details of the 420extension section format. 421 422=item B<-force_pubkey key> 423 424when a certificate is created set its public key to B<key> instead of the 425key in the certificate or certificate request. This option is useful for 426creating certificates where the algorithm can't normally sign requests, for 427example DH. 428 429The format or B<key> can be specified using the B<-keyform> option. 430 431=back 432 433=head2 NAME OPTIONS 434 435The B<nameopt> command line switch determines how the subject and issuer 436names are displayed. If no B<nameopt> switch is present the default "oneline" 437format is used which is compatible with previous versions of OpenSSL. 438Each option is described in detail below, all options can be preceded by 439a B<-> to turn the option off. Only the first four will normally be used. 440 441=over 4 442 443=item B<compat> 444 445use the old format. This is equivalent to specifying no name options at all. 446 447=item B<RFC2253> 448 449displays names compatible with RFC2253 equivalent to B<esc_2253>, B<esc_ctrl>, 450B<esc_msb>, B<utf8>, B<dump_nostr>, B<dump_unknown>, B<dump_der>, 451B<sep_comma_plus>, B<dn_rev> and B<sname>. 452 453=item B<oneline> 454 455a oneline format which is more readable than RFC2253. It is equivalent to 456specifying the B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>, 457B<dump_der>, B<use_quote>, B<sep_comma_plus_space>, B<space_eq> and B<sname> 458options. 459 460=item B<multiline> 461 462a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>, 463B<space_eq>, B<lname> and B<align>. 464 465=item B<esc_2253> 466 467escape the "special" characters required by RFC2253 in a field That is 468B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginning of a string 469and a space character at the beginning or end of a string. 470 471=item B<esc_ctrl> 472 473escape control characters. That is those with ASCII values less than 4740x20 (space) and the delete (0x7f) character. They are escaped using the 475RFC2253 \XX notation (where XX are two hex digits representing the 476character value). 477 478=item B<esc_msb> 479 480escape characters with the MSB set, that is with ASCII values larger than 481127. 482 483=item B<use_quote> 484 485escapes some characters by surrounding the whole string with B<"> characters, 486without the option all escaping is done with the B<\> character. 487 488=item B<utf8> 489 490convert all strings to UTF8 format first. This is required by RFC2253. If 491you are lucky enough to have a UTF8 compatible terminal then the use 492of this option (and B<not> setting B<esc_msb>) may result in the correct 493display of multibyte (international) characters. Is this option is not 494present then multibyte characters larger than 0xff will be represented 495using the format \UXXXX for 16 bits and \WXXXXXXXX for 32 bits. 496Also if this option is off any UTF8Strings will be converted to their 497character form first. 498 499=item B<ignore_type> 500 501this option does not attempt to interpret multibyte characters in any 502way. That is their content octets are merely dumped as though one octet 503represents each character. This is useful for diagnostic purposes but 504will result in rather odd looking output. 505 506=item B<show_type> 507 508show the type of the ASN1 character string. The type precedes the 509field contents. For example "BMPSTRING: Hello World". 510 511=item B<dump_der> 512 513when this option is set any fields that need to be hexdumped will 514be dumped using the DER encoding of the field. Otherwise just the 515content octets will be displayed. Both options use the RFC2253 516B<#XXXX...> format. 517 518=item B<dump_nostr> 519 520dump non character string types (for example OCTET STRING) if this 521option is not set then non character string types will be displayed 522as though each content octet represents a single character. 523 524=item B<dump_all> 525 526dump all fields. This option when used with B<dump_der> allows the 527DER encoding of the structure to be unambiguously determined. 528 529=item B<dump_unknown> 530 531dump any field whose OID is not recognised by OpenSSL. 532 533=item B<sep_comma_plus>, B<sep_comma_plus_space>, B<sep_semi_plus_space>, 534B<sep_multiline> 535 536these options determine the field separators. The first character is 537between RDNs and the second between multiple AVAs (multiple AVAs are 538very rare and their use is discouraged). The options ending in 539"space" additionally place a space after the separator to make it 540more readable. The B<sep_multiline> uses a linefeed character for 541the RDN separator and a spaced B<+> for the AVA separator. It also 542indents the fields by four characters. If no field separator is specified 543then B<sep_comma_plus_space> is used by default. 544 545=item B<dn_rev> 546 547reverse the fields of the DN. This is required by RFC2253. As a side 548effect this also reverses the order of multiple AVAs but this is 549permissible. 550 551=item B<nofname>, B<sname>, B<lname>, B<oid> 552 553these options alter how the field name is displayed. B<nofname> does 554not display the field at all. B<sname> uses the "short name" form 555(CN for commonName for example). B<lname> uses the long form. 556B<oid> represents the OID in numerical form and is useful for 557diagnostic purpose. 558 559=item B<align> 560 561align field values for a more readable output. Only usable with 562B<sep_multiline>. 563 564=item B<space_eq> 565 566places spaces round the B<=> character which follows the field 567name. 568 569=back 570 571=head2 TEXT OPTIONS 572 573As well as customising the name output format, it is also possible to 574customise the actual fields printed using the B<certopt> options when 575the B<text> option is present. The default behaviour is to print all fields. 576 577=over 4 578 579=item B<compatible> 580 581use the old format. This is equivalent to specifying no output options at all. 582 583=item B<no_header> 584 585don't print header information: that is the lines saying "Certificate" and "Data". 586 587=item B<no_version> 588 589don't print out the version number. 590 591=item B<no_serial> 592 593don't print out the serial number. 594 595=item B<no_signame> 596 597don't print out the signature algorithm used. 598 599=item B<no_validity> 600 601don't print the validity, that is the B<notBefore> and B<notAfter> fields. 602 603=item B<no_subject> 604 605don't print out the subject name. 606 607=item B<no_issuer> 608 609don't print out the issuer name. 610 611=item B<no_pubkey> 612 613don't print out the public key. 614 615=item B<no_sigdump> 616 617don't give a hexadecimal dump of the certificate signature. 618 619=item B<no_aux> 620 621don't print out certificate trust information. 622 623=item B<no_extensions> 624 625don't print out any X509V3 extensions. 626 627=item B<ext_default> 628 629retain default extension behaviour: attempt to print out unsupported certificate extensions. 630 631=item B<ext_error> 632 633print an error message for unsupported certificate extensions. 634 635=item B<ext_parse> 636 637ASN1 parse unsupported extensions. 638 639=item B<ext_dump> 640 641hex dump unsupported extensions. 642 643=item B<ca_default> 644 645the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>, B<no_header>, 646B<no_version>, B<no_sigdump> and B<no_signame>. 647 648=back 649 650=head1 EXAMPLES 651 652Note: in these examples the '\' means the example should be all on one 653line. 654 655Display the contents of a certificate: 656 657 openssl x509 -in cert.pem -noout -text 658 659Display the certificate serial number: 660 661 openssl x509 -in cert.pem -noout -serial 662 663Display the certificate subject name: 664 665 openssl x509 -in cert.pem -noout -subject 666 667Display the certificate subject name in RFC2253 form: 668 669 openssl x509 -in cert.pem -noout -subject -nameopt RFC2253 670 671Display the certificate subject name in oneline form on a terminal 672supporting UTF8: 673 674 openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb 675 676Display the certificate MD5 fingerprint: 677 678 openssl x509 -in cert.pem -noout -fingerprint 679 680Display the certificate SHA1 fingerprint: 681 682 openssl x509 -sha1 -in cert.pem -noout -fingerprint 683 684Convert a certificate from PEM to DER format: 685 686 openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER 687 688Convert a certificate to a certificate request: 689 690 openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem 691 692Convert a certificate request into a self signed certificate using 693extensions for a CA: 694 695 openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \ 696 -signkey key.pem -out cacert.pem 697 698Sign a certificate request using the CA certificate above and add user 699certificate extensions: 700 701 openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \ 702 -CA cacert.pem -CAkey key.pem -CAcreateserial 703 704 705Set a certificate to be trusted for SSL client use and change set its alias to 706"Steve's Class 1 CA" 707 708 openssl x509 -in cert.pem -addtrust clientAuth \ 709 -setalias "Steve's Class 1 CA" -out trust.pem 710 711=head1 NOTES 712 713The PEM format uses the header and footer lines: 714 715 -----BEGIN CERTIFICATE----- 716 -----END CERTIFICATE----- 717 718it will also handle files containing: 719 720 -----BEGIN X509 CERTIFICATE----- 721 -----END X509 CERTIFICATE----- 722 723Trusted certificates have the lines 724 725 -----BEGIN TRUSTED CERTIFICATE----- 726 -----END TRUSTED CERTIFICATE----- 727 728The conversion to UTF8 format used with the name options assumes that 729T61Strings use the ISO8859-1 character set. This is wrong but Netscape 730and MSIE do this as do many certificates. So although this is incorrect 731it is more likely to display the majority of certificates correctly. 732 733The B<-fingerprint> option takes the digest of the DER encoded certificate. 734This is commonly called a "fingerprint". Because of the nature of message 735digests the fingerprint of a certificate is unique to that certificate and 736two certificates with the same fingerprint can be considered to be the same. 737 738The Netscape fingerprint uses MD5 whereas MSIE uses SHA1. 739 740The B<-email> option searches the subject name and the subject alternative 741name extension. Only unique email addresses will be printed out: it will 742not print the same address more than once. 743 744=head1 CERTIFICATE EXTENSIONS 745 746The B<-purpose> option checks the certificate extensions and determines 747what the certificate can be used for. The actual checks done are rather 748complex and include various hacks and workarounds to handle broken 749certificates and software. 750 751The same code is used when verifying untrusted certificates in chains 752so this section is useful if a chain is rejected by the verify code. 753 754The basicConstraints extension CA flag is used to determine whether the 755certificate can be used as a CA. If the CA flag is true then it is a CA, 756if the CA flag is false then it is not a CA. B<All> CAs should have the 757CA flag set to true. 758 759If the basicConstraints extension is absent then the certificate is 760considered to be a "possible CA" other extensions are checked according 761to the intended use of the certificate. A warning is given in this case 762because the certificate should really not be regarded as a CA: however 763it is allowed to be a CA to work around some broken software. 764 765If the certificate is a V1 certificate (and thus has no extensions) and 766it is self signed it is also assumed to be a CA but a warning is again 767given: this is to work around the problem of Verisign roots which are V1 768self signed certificates. 769 770If the keyUsage extension is present then additional restraints are 771made on the uses of the certificate. A CA certificate B<must> have the 772keyCertSign bit set if the keyUsage extension is present. 773 774The extended key usage extension places additional restrictions on the 775certificate uses. If this extension is present (whether critical or not) 776the key can only be used for the purposes specified. 777 778A complete description of each test is given below. The comments about 779basicConstraints and keyUsage and V1 certificates above apply to B<all> 780CA certificates. 781 782 783=over 4 784 785=item B<SSL Client> 786 787The extended key usage extension must be absent or include the "web client 788authentication" OID. keyUsage must be absent or it must have the 789digitalSignature bit set. Netscape certificate type must be absent or it must 790have the SSL client bit set. 791 792=item B<SSL Client CA> 793 794The extended key usage extension must be absent or include the "web client 795authentication" OID. Netscape certificate type must be absent or it must have 796the SSL CA bit set: this is used as a work around if the basicConstraints 797extension is absent. 798 799=item B<SSL Server> 800 801The extended key usage extension must be absent or include the "web server 802authentication" and/or one of the SGC OIDs. keyUsage must be absent or it 803must have the digitalSignature, the keyEncipherment set or both bits set. 804Netscape certificate type must be absent or have the SSL server bit set. 805 806=item B<SSL Server CA> 807 808The extended key usage extension must be absent or include the "web server 809authentication" and/or one of the SGC OIDs. Netscape certificate type must 810be absent or the SSL CA bit must be set: this is used as a work around if the 811basicConstraints extension is absent. 812 813=item B<Netscape SSL Server> 814 815For Netscape SSL clients to connect to an SSL server it must have the 816keyEncipherment bit set if the keyUsage extension is present. This isn't 817always valid because some cipher suites use the key for digital signing. 818Otherwise it is the same as a normal SSL server. 819 820=item B<Common S/MIME Client Tests> 821 822The extended key usage extension must be absent or include the "email 823protection" OID. Netscape certificate type must be absent or should have the 824S/MIME bit set. If the S/MIME bit is not set in netscape certificate type 825then the SSL client bit is tolerated as an alternative but a warning is shown: 826this is because some Verisign certificates don't set the S/MIME bit. 827 828=item B<S/MIME Signing> 829 830In addition to the common S/MIME client tests the digitalSignature bit must 831be set if the keyUsage extension is present. 832 833=item B<S/MIME Encryption> 834 835In addition to the common S/MIME tests the keyEncipherment bit must be set 836if the keyUsage extension is present. 837 838=item B<S/MIME CA> 839 840The extended key usage extension must be absent or include the "email 841protection" OID. Netscape certificate type must be absent or must have the 842S/MIME CA bit set: this is used as a work around if the basicConstraints 843extension is absent. 844 845=item B<CRL Signing> 846 847The keyUsage extension must be absent or it must have the CRL signing bit 848set. 849 850=item B<CRL Signing CA> 851 852The normal CA tests apply. Except in this case the basicConstraints extension 853must be present. 854 855=back 856 857=head1 BUGS 858 859Extensions in certificates are not transferred to certificate requests and 860vice versa. 861 862It is possible to produce invalid certificates or requests by specifying the 863wrong private key or using inconsistent options in some cases: these should 864be checked. 865 866There should be options to explicitly set such things as start and end 867dates rather than an offset from the current time. 868 869The code to implement the verify behaviour described in the B<TRUST SETTINGS> 870is currently being developed. It thus describes the intended behaviour rather 871than the current behaviour. It is hoped that it will represent reality in 872OpenSSL 0.9.5 and later. 873 874=head1 SEE ALSO 875 876L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>, 877L<gendsa(1)|gendsa(1)>, L<verify(1)|verify(1)>, 878L<x509v3_config(5)|x509v3_config(5)> 879 880=head1 HISTORY 881 882Before OpenSSL 0.9.8, the default digest for RSA keys was MD5. 883 884The hash algorithm used in the B<-subject_hash> and B<-issuer_hash> options 885before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding 886of the distinguished name. In OpenSSL 1.0.0 and later it is based on a 887canonical version of the DN using SHA1. This means that any directories using 888the old form must have their links rebuilt using B<c_rehash> or similar. 889 890=cut 891