Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (83)
EC Keys (2415)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (6558)
Revoked Certificates (16)
Root CA (85)
RSA Keys (5292)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "ca" Command Options
What can I use OpenSSL "ca" command for? What are options supported by the "ca" command?
✍: FYIcenter.com
OpenSSL "ca" command is a CA (Certificate Authority) tool. It can be used to sign CSR (Certificate Signing Request) in a variety of forms and generate CRLs. It also maintains a text database of issued certificates and their status.
Here are options supported by the "ca" command:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> ca -help unknown option -help usage: ca args -verbose - Talk alot while doing things -config file - A config file -name arg - The particular CA definition to use -gencrl - Generate a new CRL -crldays days - Days is when the next CRL is due -crlhours hours - Hours is when the next CRL is due -startdate YYMMDDHHMMSSZ - certificate validity notBefore -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days) -days arg - number of days to certify the certificate for -md arg - md to use, one of md2, md5, sha or sha1 -policy arg - The CA 'policy' to support -keyfile arg - private key file -keyform arg - private key file format (PEM or ENGINE) -key arg - key to decode the private key if it is encrypted -cert file - The CA certificate -selfsign - sign a certificate with the key associated with it -in file - The input PEM encoded certificate request(s) -out file - Where to put the output file(s) -outdir dir - Where to put output certificates -infiles .... - The last argument, requests to process -spkac file - File contains DN and signed public key and challenge -ss_cert file - File contains a self signed cert to sign -preserveDN - Don't re-order the DN -noemailDN - Don't add the EMAIL field into certificate' subject -batch - Don't ask questions -msie_hack - msie modifications to handle all those universal strings -revoke file - Revoke a certificate (given in file) -subj arg - Use arg instead of request's subject -utf8 - input characters are UTF8 (default ASCII) -multivalue-rdn - enable support for multivalued RDNs -extensions .. - Extension section (override value in config file) -extfile file - Configuration file with X509v3 extentions to add -crlexts .. - CRL extension section (override value in config file) -engine e - use engine e, possibly a hardware device. -status serial - Shows certificate status given the serial number -updatedb - Updates db for expired certificates error in ca
2016-09-18, 8523👍, 0💬
Popular Posts:
Certificate Summary: Subject: Thawte Server CA Issuer: Thawte Server CA Expiration: 2021-01-01 23:59...
How to view Java VM certificates using Java Control Panel on Mac computers? To view Java VM certific...
Certificate summary - Owner: *.acesse.com, Domain Control Validated, *.acesse.com Issuer: SERIALNUMB...
Certificate summary - Owner: Entrust Certification Authority - L1C, "(c) 2009 Entrust, Inc.", www.en...
Why I am getting this "SunCertPathBuilderExcep tion"error for my Java application? The error message...