Collections:
Other Resources:
OpenSSL "ca" Command Options
What can I use OpenSSL "ca" command for? What are options supported by the "ca" command?
✍: FYIcenter.com
OpenSSL "ca" command is a CA (Certificate Authority) tool. It can be used to sign CSR (Certificate Signing Request) in a variety of forms and generate CRLs. It also maintains a text database of issued certificates and their status.
Here are options supported by the "ca" command:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> ca -help unknown option -help usage: ca args -verbose - Talk alot while doing things -config file - A config file -name arg - The particular CA definition to use -gencrl - Generate a new CRL -crldays days - Days is when the next CRL is due -crlhours hours - Hours is when the next CRL is due -startdate YYMMDDHHMMSSZ - certificate validity notBefore -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days) -days arg - number of days to certify the certificate for -md arg - md to use, one of md2, md5, sha or sha1 -policy arg - The CA 'policy' to support -keyfile arg - private key file -keyform arg - private key file format (PEM or ENGINE) -key arg - key to decode the private key if it is encrypted -cert file - The CA certificate -selfsign - sign a certificate with the key associated with it -in file - The input PEM encoded certificate request(s) -out file - Where to put the output file(s) -outdir dir - Where to put output certificates -infiles .... - The last argument, requests to process -spkac file - File contains DN and signed public key and challenge -ss_cert file - File contains a self signed cert to sign -preserveDN - Don't re-order the DN -noemailDN - Don't add the EMAIL field into certificate' subject -batch - Don't ask questions -msie_hack - msie modifications to handle all those universal strings -revoke file - Revoke a certificate (given in file) -subj arg - Use arg instead of request's subject -utf8 - input characters are UTF8 (default ASCII) -multivalue-rdn - enable support for multivalued RDNs -extensions .. - Extension section (override value in config file) -extfile file - Configuration file with X509v3 extentions to add -crlexts .. - CRL extension section (override value in config file) -engine e - use engine e, possibly a hardware device. -status serial - Shows certificate status given the serial number -updatedb - Updates db for expired certificates error in ca
2016-09-18, 8891🔥, 0💬
Popular Posts:
Certificate Summary: Subject: GlobalSign Atlas R3 DV TLS CA 2022 Q1 Issuer: GlobalSign Expiration: 2...
Why "DigiNotar Root CA" certificate is shown as "not trusted" in Mozilla Firefox 47? It seems be a r...
Certificate Summary: Subject: tinyurl.com Issuer: Go Daddy Secure Certification Authority Expiration...
Certificate summary - Owner: www.orange.fr, Orange France, France Telecom SA, L=Paris, ST=France, FR...
Certificate summary - Owner: *.archive.org, Domain Control Validated, *.archive.org Issuer: SERIALNU...