OpenSSL - OpenSSL "policy" Options for "ca" Command

Home > OpenSSL

OpenSSL "policy" Options for "ca" Command

Q

What are policy options in the configuration file for the OpenSSL "ca" command?

✍: FYIcenter.com

A

Policy options in the configuration file are used by the OpenSSL "ca" command for 2 purposes:

Defines validation rules for DN (Distinguished Name) fields.
Defines the order of DN (Distinguished Name) fields in the certificate.

Policy options must provided in a named section, like [my_ca_policy], in the configuration file. Then you can:

Use "policy=my_ca_policy" option in the configuration to point to that section.
Use "-policy my_ca_policy" option in the command line to point to that section.

A policy option is defined with the DN field name and one of 3 possible values: "optional" - value not required for this DN field, "supplied" - value required for this DN field, "match" - value must match between subject and issuer.

Below is a good example of policy option section. It requires only the "commonName" field to have value. And "commonName" will be listed as the first field in the subject.

# section for DN field validation and order
[my_ca_policy]
commonName             = supplied
countryName            = optional
stateOrProvinceName    = optional
localityName           = optional
organizationName       = optional
organizationalUnitName = optional
emailAddress           = optional

⇒ Simple Working Configuration File for OpenSSL "ca"

⇐ OpenSSL "ca" Error "cannot lookup how many days ..."

⇑ OpenSSL "ca" Command

⇑⇑ OpenSSL Tutorials

2016-09-04, 1122👍, 0💬

OpenSSL "ca" Error "cannot lookup how many days ..."
Why I am getting the "cannot lookup how many days to certify for" error when running OpenSSL "ca" command? You are getting the "cannot lookup how many days to certify for" error, because OpenSSL "ca" command can not find the required "default_days" option in the configuration file. For example, if y... 2016-09-08, 2091👍, 0💬

OpenSSL "policy" Options for "ca" Command
What are policy options in the configuration file for the OpenSSL "ca" command? Policy options in the configuration file are used by the OpenSSL "ca" command for 2 purposes: Defines validation rules for DN (Distinguished Name) fields. Defines the order of DN (Distinguished Name) fields in the certif... 2016-09-04, 1123👍, 0💬

Other OpenSSL Versions for Windows
Any other versions of OpenSSL for Windows systems? Yes, here is a collection of tutorials on other OpenSSL versions for Windows compiled by FYIcenter.com team. Download OpenSSL 0.9.8h for Windows Install OpenSSL 0.9.8h on Windows Start OpenSSL on Windows Systems ⇒ Download OpenSSL 0.9.8h for Windo... 2016-09-04, 1046👍, 0💬

Simple Working Configuration File for OpenSSL "ca"
Where to find a simple configuration file example for the OpenSSL "ca" command? Here is a simple configuration file example for the OpenSSL "ca" command: # Unnamed section of generic options # ------------------------------ ------------------------------ ------# Section for the "default_ca" option # ... 2016-09-04, 863👍, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.