Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (70)
EC Keys (976)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (3313)
Revoked Certificates (16)
Root CA (85)
RSA Keys (2662)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "ca" Command Options
What can I use OpenSSL "ca" command for? What are options supported by the "ca" command?
✍: FYIcenter.com
OpenSSL "ca" command is a CA (Certificate Authority) tool.
It can be used to sign CSR (Certificate Signing Request) in a variety of forms
and generate CRLs. It also maintains a text database of issued
certificates and their status.
Here are options supported by the "ca" command:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> ca -help unknown option -help usage: ca args -verbose - Talk alot while doing things -config file - A config file -name arg - The particular CA definition to use -gencrl - Generate a new CRL -crldays days - Days is when the next CRL is due -crlhours hours - Hours is when the next CRL is due -startdate YYMMDDHHMMSSZ - certificate validity notBefore -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days) -days arg - number of days to certify the certificate for -md arg - md to use, one of md2, md5, sha or sha1 -policy arg - The CA 'policy' to support -keyfile arg - private key file -keyform arg - private key file format (PEM or ENGINE) -key arg - key to decode the private key if it is encrypted -cert file - The CA certificate -selfsign - sign a certificate with the key associated with it -in file - The input PEM encoded certificate request(s) -out file - Where to put the output file(s) -outdir dir - Where to put output certificates -infiles .... - The last argument, requests to process -spkac file - File contains DN and signed public key and challenge -ss_cert file - File contains a self signed cert to sign -preserveDN - Don't re-order the DN -noemailDN - Don't add the EMAIL field into certificate' subject -batch - Don't ask questions -msie_hack - msie modifications to handle all those universal strings -revoke file - Revoke a certificate (given in file) -subj arg - Use arg instead of request's subject -utf8 - input characters are UTF8 (default ASCII) -multivalue-rdn - enable support for multivalued RDNs -extensions .. - Extension section (override value in config file) -extfile file - Configuration file with X509v3 extentions to add -crlexts .. - CRL extension section (override value in config file) -engine e - use engine e, possibly a hardware device. -status serial - Shows certificate status given the serial number -updatedb - Updates db for expired certificates error in ca
2016-09-18, 7424👍, 0💬
Popular Posts:
Certificate summary - Owner: *.sites.myregisteredsite .com,Domain Control Validated - RapidSSL(R), S...
Certificate Summary: Subject: GeoTrust RSA CA 2018 Issuer: DigiCert Global Root CA Expiration: 2027-...
What is the structure of certificates? What types of values are recorded in a certificate? The struc...
Certificate summary - Owner: www.siteadvisor.com, McAfee Inc., Dmcafee, Dcom Issuer: NAI SSL CA v1, ...
Certificate Summary: Subject: Equifax Secure Certificate Authority Issuer: Equifax Secure Certificat...