5. openssl ts -help

openssl ts -help


  • Time Stamping Authority tool (client/server).

    $ openssl ts -help
Usage: ts [options]
Valid options are:
 -help                 Display this summary
 -config infile        Configuration file
 -section val          Section to use within config file
 -query                Generate a TS query
 -data infile          File to hash
 -digest val           Digest (as a hex string)
 -rand val             Load the file(s) into the random number generator
 -writerand outfile    Write random data to the specified file
 -tspolicy val         Policy OID to use
 -no_nonce             Do not include a nonce
 -cert                 Put cert request into query
 -in infile            Input file
 -token_in             Input is a PKCS#7 file
 -out outfile          Output file
 -token_out            Output is a PKCS#7 file
 -text                 Output text (not DER)
 -reply                Generate a TS reply
 -queryfile infile     File containing a TS query
 -passin val           Input file pass phrase source
 -inkey val            File with private key for reply
 -signer val           Signer certificate file
 -chain infile         File with signer CA chain
 -verify               Verify a TS response
 -CApath dir           Path to trusted CA files
 -CAfile infile        File with trusted CA certs
 -untrusted infile     File with untrusted certs
 -*                    Any supported digest
 -engine val           Use engine, possibly a hardware device

Options specific to 'ts -verify': 
 -policy val           adds policy to the acceptable policy set
 -purpose val          certificate chain purpose
 -verify_name val      verification policy name
 -verify_depth int     chain depth limit
 -auth_level int       chain authentication security level
 -attime intmax        verification epoch time
 -verify_hostname val  expected peer hostname
 -verify_email val     expected peer email
 -verify_ip val        expected peer IP address
 -ignore_critical      permit unhandled critical extensions
 -issuer_checks        (deprecated)
 -crl_check            check leaf certificate revocation
 -crl_check_all        check full chain revocation
 -policy_check         perform rfc5280 policy checks
 -explicit_policy      set policy variable require-explicit-policy
 -inhibit_any          set policy variable inhibit-any-policy
 -inhibit_map          set policy variable inhibit-policy-mapping
 -x509_strict          disable certificate compatibility work-arounds
 -extended_crl         enable extended CRL features
 -use_deltas           use delta CRLs
 -policy_print         print policy processing diagnostics
 -check_ss_sig         check root CA self-signatures
 -trusted_first        search trust store first (default)
 -suiteB_128_only      Suite B 128-bit-only mode
 -suiteB_128           Suite B 128-bit mode allowing 192-bit algorithms
 -suiteB_192           Suite B 192-bit-only mode
 -partial_chain        accept chains anchored by intermediate trust-store CAs
 -no_alt_chains        (deprecated)
 -no_check_time        ignore certificate validity time
 -allow_proxy_certs    allow the use of proxy certificates

Typical uses:
ts -query [-rand file...] [-config file] [-data file]
          [-digest hexstring] [-tspolicy oid] [-no_nonce] [-cert]
          [-in file] [-out file] [-text]
  or
ts -reply [-config file] [-section tsa_section]
          [-queryfile file] [-passin password]
          [-signer tsa_cert.pem] [-inkey private_key.pem]
          [-chain certs_file.pem] [-tspolicy oid]
          [-in file] [-token_in] [-out file] [-token_out]
          [-text] [-engine id]
  or
ts -verify -CApath dir -CAfile file.pem -untrusted file.pem
           [-data file] [-digest hexstring]
           [-queryfile file] -in file [-token_in]
           [[options specific to 'ts -verify']]
security manpages 48
Log in to reply
 

© Lightnetics 2024