OpenSSL ca Command

Source: Internet
Author: User

First, Introduction

The ca command signs certificate request files and generates CRLs (certificate revocation lists).

Second, Syntax

openssl ca [-verbose] [-config filename] [-name section] [-gencrl] [-revoke file] [-crl_reason reason] [-crl_hold instruction] [-crl_compromise time] [-crl_CA_compromise time] [-subj subj] [-crldays days] [-crlhours hours] [-crlexts section] [-startdate date] [-enddate date] [-days arg] [-md arg] [-policy arg] [-keyfile arg] [-keyform arg] [-key arg] [-passin arg] [-cert file] [-selfsign] [-in file] [-out file] [-notext] [-outdir dir] [-infiles] [-spkac file] [-ss_cert file] [-preserveDN] [-batch] [-msie_hack] [-extensions section] [-utf8] [-create_serial] [-multivalue-rdn] [-sigopt] [-noemailDN] [-crlsec] [-extfile file] [-updatedb] [-engine id]

Options

-verbose - Talk alot while doing things
-config file - A config file
-name arg - The particular CA definition to use
-gencrl - Generate a new CRL
-crldays days - Days is when the next CRL is due
-crlhours hours - Hours is when the next CRL is due
-startdate YYMMDDHHMMSSZ - certificate validity notBefore
-enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)
-days arg - number of days to certify the certificate for
-md arg - md to use, see openssl dgst -h for list
-policy arg - The CA 'policy' to support
-keyfile arg - private key file
-keyform arg - private key file format (PEM or ENGINE)
-key arg - key to decode the private key if it is encrypted
-cert file - The CA certificate
-selfsign - sign a certificate with the key associated with it
-in file - The input PEM encoded certificate request(s)
-out file - Where to put the output file(s)
-outdir dir - Where to put output certificates
-infiles .... - The last argument, requests to process
-spkac file - File contains DN and signed public key and challenge
-ss_cert file - File contains a self signed cert to sign
-preserveDN - Don't re-order the DN
-noemailDN - Don't add the EMAIL field into certificate's subject
-batch - Don't ask questions
-msie_hack - msie modifications to handle all those universal strings
-revoke file - Revoke a certificate (given in file)
-subj arg - Use arg instead of request's subject
-utf8 - input characters are UTF8 (default ASCII)
-multivalue-rdn - enable support for multivalued RDNs
-extensions .. - Extension section (override value in config file)
-extfile file - Configuration file with X509v3 extensions to add
-crlexts .. - CRL extension section (override value in config file)
-engine e - use engine e, possibly a hardware device.
-status serial - Shows certificate status given the serial number
-updatedb - Updates db for expired certificates

Third, examples

1. Signing a certificate request file

openssl ca -in cert_req.pem -extensions v3_ca -out newcert.pem

Or

openssl ca -days 365 -md sha1 -policy policy_anything -cert demoCA/cacert.pem -in cert_req.pem -out cert1.pem -preserveDN -noemailDN -subj /CN=cn/O=js/OU=wx/CN=myname -extensions myexts

2. Revocation of certificates

openssl ca -revoke newcert.pem

3. Generating CRLs

openssl ca -gencrl -out crl.crl -config /root/workspace/testssl/openssl/apps/openssl.cnf

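Setting the revocation reason and the hold instruction

openssl ca -gencrl -crl_reason keyCompromise -crl_compromise 20010101030303Z -crl_hold holdInstructionReject -crl_CA_compromise   -out crl2.crl

Note that -crl_CA_compromise takes a time argument, in the same format as -crl_compromise.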
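The three operations above (sign a request, revoke the certificate, generate a CRL) run end to end against a throwaway CA in the following added example, which is not part of the original article. The configuration, file names and subjects are constructed for the demo, and it signs with sha256 instead of the article's sha1 because current clients reject SHA-1 certificate signatures.

```shell
#!/bin/sh
# Added example: throwaway CA in a temp dir. File names and subjects are constructed.
ca_demo() (
  set -e
  d=$(mktemp -d) && cd "$d"
  exec 2>openssl.log            # OpenSSL progress and error text goes here
  mkdir newcerts && : > index.txt && echo 01 > serial && echo 01 > crlnumber
  cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = .
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
crlnumber = $dir/crlnumber
certificate = $dir/cacert.pem
private_key = $dir/cakey.pem
default_md = sha256
default_days = 30
default_crl_days = 7
policy = policy_anything
[ policy_anything ]
commonName = supplied
organizationName = optional
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  # CA key and self-signed CA certificate, then a request from a separate key
  openssl req -config ca.cnf -x509 -extensions v3_ca -newkey rsa:2048 -nodes \
    -keyout cakey.pem -out cacert.pem -subj "/CN=Demo CA" -days 30
  openssl req -config ca.cnf -new -newkey rsa:2048 -nodes \
    -keyout key.pem -out cert_req.pem -subj "/O=Example/CN=myname"
  # 1. Sign the request; the certificate must verify before revocation
  openssl ca -config ca.cnf -batch -notext -in cert_req.pem -out newcert.pem
  openssl verify -CAfile cacert.pem newcert.pem >/dev/null
  # 2. Revoke it (recorded in index.txt), 3. publish a new CRL
  openssl ca -config ca.cnf -revoke newcert.pem -crl_reason keyCompromise
  openssl ca -config ca.cnf -gencrl -out crl.pem
  # A relying party that checks the CRL now rejects the certificate
  openssl verify -crl_check -CRLfile crl.pem -CAfile cacert.pem newcert.pem 2>&1 |
    grep -o "certificate revoked"
  cd / && rm -rf "$d"
)
ca_demo
```

Revocation only changes the CA database; relying parties see it once a new CRL is generated and they verify with CRL checking enabled.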

Reference: http://blog.csdn.net/as3luyuan123/article/details/13346613
