Let's make all the example formated the same, shall we?
This commit is contained in:
Richard Levitte
parent
8548d44270
commit
1675f6eb05
@ -334,19 +334,19 @@ demoCA/index.txt.
|
||||
|
||||
Sign a certificate request:
|
||||
|
||||
openssl ca -in req.pem -out newcert.pem
|
||||
openssl ca -in req.pem -out newcert.pem
|
||||
|
||||
Generate a CRL
|
||||
|
||||
openssl ca -gencrl -out crl.pem
|
||||
openssl ca -gencrl -out crl.pem
|
||||
|
||||
Sign several requests:
|
||||
|
||||
openssl ca -infiles req1.pem req2.pem req3.pem
|
||||
openssl ca -infiles req1.pem req2.pem req3.pem
|
||||
|
||||
Certify a Netscape SPKAC:
|
||||
|
||||
openssl ca -spkac spkac.txt
|
||||
openssl ca -spkac spkac.txt
|
||||
|
||||
A sample SPKAC file (the SPKAC line has been truncated for clarity):
|
||||
|
||||
|
||||
@ -129,23 +129,23 @@ The PEM private key format uses the header and footer lines:
|
||||
|
||||
To remove the pass phrase on a DSA private key:
|
||||
|
||||
C<openssl dsa -in key.pem -out keyout.pem>
|
||||
openssl dsa -in key.pem -out keyout.pem
|
||||
|
||||
To encrypt a private key using triple DES:
|
||||
|
||||
C<openssl dsa -in key.pem -des3 -out keyout.pem>
|
||||
openssl dsa -in key.pem -des3 -out keyout.pem
|
||||
|
||||
To convert a private key from PEM to DER format:
|
||||
|
||||
C<openssl dsa -in key.pem -outform DER -out keyout.der>
|
||||
openssl dsa -in key.pem -outform DER -out keyout.der
|
||||
|
||||
To print out the components of a private key to standard output:
|
||||
|
||||
C<openssl dsa -in key.pem -text -noout>
|
||||
openssl dsa -in key.pem -text -noout
|
||||
|
||||
To just output the public part of a private key:
|
||||
|
||||
C<openssl dsa -in key.pem -pubout -out pubkey.pem>
|
||||
openssl dsa -in key.pem -pubout -out pubkey.pem
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
|
||||
@ -135,23 +135,23 @@ The PEM private key format uses the header and footer lines:
|
||||
|
||||
To remove the pass phrase on an RSA private key:
|
||||
|
||||
C<openssl rsa -in key.pem -out keyout.pem>
|
||||
openssl rsa -in key.pem -out keyout.pem
|
||||
|
||||
To encrypt a private key using triple DES:
|
||||
|
||||
C<openssl rsa -in key.pem -des3 -out keyout.pem>
|
||||
openssl rsa -in key.pem -des3 -out keyout.pem
|
||||
|
||||
To convert a private key from PEM to DER format:
|
||||
|
||||
C<openssl rsa -in key.pem -outform DER -out keyout.der>
|
||||
openssl rsa -in key.pem -outform DER -out keyout.der
|
||||
|
||||
To print out the components of a private key to standard output:
|
||||
|
||||
C<openssl rsa -in key.pem -text -noout>
|
||||
openssl rsa -in key.pem -text -noout
|
||||
|
||||
To just output the public part of a private key:
|
||||
|
||||
C<openssl rsa -in key.pem -pubout -out pubkey.pem>
|
||||
openssl rsa -in key.pem -pubout -out pubkey.pem
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
|
||||
@ -248,24 +248,25 @@ the signers certificates.
|
||||
|
||||
Create a cleartext signed message:
|
||||
|
||||
openssl smime -sign -in message.txt -text -out mail.msg
|
||||
-signer mycert.pem
|
||||
openssl smime -sign -in message.txt -text -out mail.msg \
|
||||
-signer mycert.pem
|
||||
|
||||
Create and opaque signed message
|
||||
|
||||
openssl smime -sign -in message.txt -text -out mail.msg -nodetach
|
||||
-signer mycert.pem
|
||||
openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
|
||||
-signer mycert.pem
|
||||
|
||||
Create a signed message, include some additional certificates and
|
||||
read the private key from another file:
|
||||
|
||||
openssl smime -sign -in in.txt -text -out mail.msg
|
||||
-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
|
||||
openssl smime -sign -in in.txt -text -out mail.msg \
|
||||
-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
|
||||
|
||||
Send a signed message under Unix directly to sendmail, including headers:
|
||||
|
||||
openssl smime -sign -in in.txt -text -signer mycert.pem -from steve@openssl.org
|
||||
-to someone@somewhere -subject "Signed message" | sendmail someone@somewhere
|
||||
openssl smime -sign -in in.txt -text -signer mycert.pem \
|
||||
-from steve@openssl.org -to someone@somewhere \
|
||||
-subject "Signed message" | sendmail someone@somewhere
|
||||
|
||||
Verify a message and extract the signer's certificate if successful:
|
||||
|
||||
@ -273,14 +274,16 @@ Verify a message and extract the signer's certificate if successful:
|
||||
|
||||
Send encrypted mail using triple DES:
|
||||
|
||||
openssl smime -encrypt -in in.txt -from steve@openssl.org -to someone@somewhere
|
||||
-subject "Encrypted message" -des3 user.pem -out mail.msg
|
||||
openssl smime -encrypt -in in.txt -from steve@openssl.org \
|
||||
-to someone@somewhere -subject "Encrypted message" \
|
||||
-des3 user.pem -out mail.msg
|
||||
|
||||
Sign and encrypt mail:
|
||||
|
||||
openssl smime -sign -in ml.txt -signer my.pem -text | openssl -encrypt -out mail.msg
|
||||
-from steve@openssl.org -to someone@somewhere -subject "Signed and Encrypted message"
|
||||
-des3 user.pem
|
||||
openssl smime -sign -in ml.txt -signer my.pem -text \
|
||||
| openssl -encrypt -out mail.msg \
|
||||
-from steve@openssl.org -to someone@somewhere \
|
||||
-subject "Signed and Encrypted message" -des3 user.pem
|
||||
|
||||
Note: the encryption command does not include the B<-text> option because the message
|
||||
being encrypted already has MIME headers.
|
||||
|
||||
@ -336,46 +336,46 @@ line.
|
||||
|
||||
Display the contents of a certificate:
|
||||
|
||||
openssl x509 -in cert.pem -noout -text
|
||||
openssl x509 -in cert.pem -noout -text
|
||||
|
||||
Display the certificate serial number:
|
||||
|
||||
openssl x509 -in cert.pem -noout -serial
|
||||
openssl x509 -in cert.pem -noout -serial
|
||||
|
||||
Display the certificate MD5 fingerprint:
|
||||
|
||||
openssl x509 -in cert.pem -noout -fingerprint
|
||||
openssl x509 -in cert.pem -noout -fingerprint
|
||||
|
||||
Display the certificate SHA1 fingerprint:
|
||||
|
||||
openssl x509 -sha1 -in cert.pem -noout -fingerprint
|
||||
openssl x509 -sha1 -in cert.pem -noout -fingerprint
|
||||
|
||||
Convert a certificate from PEM to DER format:
|
||||
|
||||
openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
|
||||
openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
|
||||
|
||||
Convert a certificate to a certificate request:
|
||||
|
||||
openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem
|
||||
openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem
|
||||
|
||||
Convert a certificate request into a self signed certificate using
|
||||
extensions for a CA:
|
||||
|
||||
openssl x509 -req -in careq.pem -config openssl.cnf -extensions v3_ca \
|
||||
-signkey key.pem -out cacert.pem
|
||||
openssl x509 -req -in careq.pem -config openssl.cnf -extensions v3_ca \
|
||||
-signkey key.pem -out cacert.pem
|
||||
|
||||
Sign a certificate request using the CA certificate above and add user
|
||||
certificate extensions:
|
||||
|
||||
openssl x509 -req -in req.pem -config openssl.cnf -extensions v3_usr \
|
||||
-CA cacert.pem -CAkey key.pem -CAcreateserial
|
||||
openssl x509 -req -in req.pem -config openssl.cnf -extensions v3_usr \
|
||||
-CA cacert.pem -CAkey key.pem -CAcreateserial
|
||||
|
||||
|
||||
Set a certificate to be trusted for SSL client use and change set its alias to
|
||||
"Steve's Class 1 CA"
|
||||
|
||||
openssl x509 -in cert.pem -addtrust sslclient \
|
||||
-alias "Steve's Class 1 CA" -out trust.pem
|
||||
openssl x509 -in cert.pem -addtrust sslclient \
|
||||
-alias "Steve's Class 1 CA" -out trust.pem
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user