openssl ts -help
-
Time Stamping Authority tool (client/server).
$ openssl ts -help Usage: ts [options] Valid options are: -help Display this summary -config infile Configuration file -section val Section to use within config file -query Generate a TS query -data infile File to hash -digest val Digest (as a hex string) -rand val Load the file(s) into the random number generator -writerand outfile Write random data to the specified file -tspolicy val Policy OID to use -no_nonce Do not include a nonce -cert Put cert request into query -in infile Input file -token_in Input is a PKCS#7 file -out outfile Output file -token_out Output is a PKCS#7 file -text Output text (not DER) -reply Generate a TS reply -queryfile infile File containing a TS query -passin val Input file pass phrase source -inkey val File with private key for reply -signer val Signer certificate file -chain infile File with signer CA chain -verify Verify a TS response -CApath dir Path to trusted CA files -CAfile infile File with trusted CA certs -untrusted infile File with untrusted certs -* Any supported digest -engine val Use engine, possibly a hardware device Options specific to 'ts -verify': -policy val adds policy to the acceptable policy set -purpose val certificate chain purpose -verify_name val verification policy name -verify_depth int chain depth limit -auth_level int chain authentication security level -attime intmax verification epoch time -verify_hostname val expected peer hostname -verify_email val expected peer email -verify_ip val expected peer IP address -ignore_critical permit unhandled critical extensions -issuer_checks (deprecated) -crl_check check leaf certificate revocation -crl_check_all check full chain revocation -policy_check perform rfc5280 policy checks -explicit_policy set policy variable require-explicit-policy -inhibit_any set policy variable inhibit-any-policy -inhibit_map set policy variable inhibit-policy-mapping -x509_strict disable certificate compatibility work-arounds -extended_crl enable extended CRL features -use_deltas use delta CRLs -policy_print print policy processing diagnostics -check_ss_sig check root CA self-signatures -trusted_first search trust store first (default) -suiteB_128_only Suite B 128-bit-only mode -suiteB_128 Suite B 128-bit mode allowing 192-bit algorithms -suiteB_192 Suite B 192-bit-only mode -partial_chain accept chains anchored by intermediate trust-store CAs -no_alt_chains (deprecated) -no_check_time ignore certificate validity time -allow_proxy_certs allow the use of proxy certificates Typical uses: ts -query [-rand file...] [-config file] [-data file] [-digest hexstring] [-tspolicy oid] [-no_nonce] [-cert] [-in file] [-out file] [-text] or ts -reply [-config file] [-section tsa_section] [-queryfile file] [-passin password] [-signer tsa_cert.pem] [-inkey private_key.pem] [-chain certs_file.pem] [-tspolicy oid] [-in file] [-token_in] [-out file] [-token_out] [-text] [-engine id] or ts -verify -CApath dir -CAfile file.pem -untrusted file.pem [-data file] [-digest hexstring] [-queryfile file] -in file [-token_in] [[options specific to 'ts -verify']]
© Lightnetics 2024