5. openssl ca -help

openssl ca -help


  • Certificate Authority (CA) Management.

    $ openssl ca -help
Usage: ca [options]
Valid options are:
 -help                   Display this summary
 -verbose                Verbose output during processing
 -config val             A config file
 -name val               The particular CA definition to use
 -subj val               Use arg instead of request's subject
 -utf8                   Input characters are UTF8 (default ASCII)
 -create_serial          If reading serial fails, create a new random serial
 -rand_serial            Always create a random serial; do not store it
 -multivalue-rdn         Enable support for multivalued RDNs
 -startdate val          Cert notBefore, YYMMDDHHMMSSZ
 -enddate val            YYMMDDHHMMSSZ cert notAfter (overrides -days)
 -days +int              Number of days to certify the cert for
 -md val                 md to use; one of md2, md5, sha or sha1
 -policy val             The CA 'policy' to support
 -keyfile val            Private key
 -keyform format         Private key file format (PEM or ENGINE)
 -passin val             Input file pass phrase source
 -key val                Key to decode the private key if it is encrypted
 -cert infile            The CA cert
 -selfsign               Sign a cert with the key associated with it
 -in infile              The input PEM encoded cert request(s)
 -out outfile            Where to put the output file(s)
 -outdir dir             Where to put output cert
 -sigopt val             Signature parameter in n:v form
 -notext                 Do not print the generated certificate
 -batch                  Don't ask questions
 -preserveDN             Don't re-order the DN
 -noemailDN              Don't add the EMAIL field to the DN
 -gencrl                 Generate a new CRL
 -msie_hack              msie modifications to handle all those universal strings
 -crldays +int           Days until the next CRL is due
 -crlhours +int          Hours until the next CRL is due
 -crlsec +int            Seconds until the next CRL is due
 -infiles                The last argument, requests to process
 -ss_cert infile         File contains a self signed cert to sign
 -spkac infile           File contains DN and signed public key and challenge
 -revoke infile          Revoke a cert (given in file)
 -valid val              Add a Valid(not-revoked) DB entry about a cert (given in file)
 -extensions val         Extension section (override value in config file)
 -extfile infile         Configuration file with X509v3 extensions to add
 -status val             Shows cert status given the serial number
 -updatedb               Updates db for expired cert
 -crlexts val            CRL extension section (override value in config file)
 -crl_reason val         revocation reason
 -crl_hold val           the hold instruction, an OID. Sets revocation reason to certificateHold
 -crl_compromise val     sets compromise time to val and the revocation reason to keyCompromise
 -crl_CA_compromise val  sets compromise time to val and the revocation reason to CACompromise
 -rand val               Load the file(s) into the random number generator
 -writerand outfile      Write random data to the specified file
 -engine val             Use engine, possibly a hardware device
security manpages 48
Log in to reply
 

© Lightnetics 2024