Let's make all the example formated the same, shall we?
This commit is contained in:
Richard Levitte
parent
8548d44270
commit
1675f6eb05
@ -334,19 +334,19 @@ demoCA/index.txt.
|
|||||||
|
|
||||||
Sign a certificate request:
|
Sign a certificate request:
|
||||||
|
|
||||||
openssl ca -in req.pem -out newcert.pem
|
openssl ca -in req.pem -out newcert.pem
|
||||||
|
|
||||||
Generate a CRL
|
Generate a CRL
|
||||||
|
|
||||||
openssl ca -gencrl -out crl.pem
|
openssl ca -gencrl -out crl.pem
|
||||||
|
|
||||||
Sign several requests:
|
Sign several requests:
|
||||||
|
|
||||||
openssl ca -infiles req1.pem req2.pem req3.pem
|
openssl ca -infiles req1.pem req2.pem req3.pem
|
||||||
|
|
||||||
Certify a Netscape SPKAC:
|
Certify a Netscape SPKAC:
|
||||||
|
|
||||||
openssl ca -spkac spkac.txt
|
openssl ca -spkac spkac.txt
|
||||||
|
|
||||||
A sample SPKAC file (the SPKAC line has been truncated for clarity):
|
A sample SPKAC file (the SPKAC line has been truncated for clarity):
|
||||||
|
|
||||||
|
|||||||
@ -129,23 +129,23 @@ The PEM private key format uses the header and footer lines:
|
|||||||
|
|
||||||
To remove the pass phrase on a DSA private key:
|
To remove the pass phrase on a DSA private key:
|
||||||
|
|
||||||
C<openssl dsa -in key.pem -out keyout.pem>
|
openssl dsa -in key.pem -out keyout.pem
|
||||||
|
|
||||||
To encrypt a private key using triple DES:
|
To encrypt a private key using triple DES:
|
||||||
|
|
||||||
C<openssl dsa -in key.pem -des3 -out keyout.pem>
|
openssl dsa -in key.pem -des3 -out keyout.pem
|
||||||
|
|
||||||
To convert a private key from PEM to DER format:
|
To convert a private key from PEM to DER format:
|
||||||
|
|
||||||
C<openssl dsa -in key.pem -outform DER -out keyout.der>
|
openssl dsa -in key.pem -outform DER -out keyout.der
|
||||||
|
|
||||||
To print out the components of a private key to standard output:
|
To print out the components of a private key to standard output:
|
||||||
|
|
||||||
C<openssl dsa -in key.pem -text -noout>
|
openssl dsa -in key.pem -text -noout
|
||||||
|
|
||||||
To just output the public part of a private key:
|
To just output the public part of a private key:
|
||||||
|
|
||||||
C<openssl dsa -in key.pem -pubout -out pubkey.pem>
|
openssl dsa -in key.pem -pubout -out pubkey.pem
|
||||||
|
|
||||||
=head1 SEE ALSO
|
=head1 SEE ALSO
|
||||||
|
|
||||||
|
|||||||
@ -135,23 +135,23 @@ The PEM private key format uses the header and footer lines:
|
|||||||
|
|
||||||
To remove the pass phrase on an RSA private key:
|
To remove the pass phrase on an RSA private key:
|
||||||
|
|
||||||
C<openssl rsa -in key.pem -out keyout.pem>
|
openssl rsa -in key.pem -out keyout.pem
|
||||||
|
|
||||||
To encrypt a private key using triple DES:
|
To encrypt a private key using triple DES:
|
||||||
|
|
||||||
C<openssl rsa -in key.pem -des3 -out keyout.pem>
|
openssl rsa -in key.pem -des3 -out keyout.pem
|
||||||
|
|
||||||
To convert a private key from PEM to DER format:
|
To convert a private key from PEM to DER format:
|
||||||
|
|
||||||
C<openssl rsa -in key.pem -outform DER -out keyout.der>
|
openssl rsa -in key.pem -outform DER -out keyout.der
|
||||||
|
|
||||||
To print out the components of a private key to standard output:
|
To print out the components of a private key to standard output:
|
||||||
|
|
||||||
C<openssl rsa -in key.pem -text -noout>
|
openssl rsa -in key.pem -text -noout
|
||||||
|
|
||||||
To just output the public part of a private key:
|
To just output the public part of a private key:
|
||||||
|
|
||||||
C<openssl rsa -in key.pem -pubout -out pubkey.pem>
|
openssl rsa -in key.pem -pubout -out pubkey.pem
|
||||||
|
|
||||||
=head1 SEE ALSO
|
=head1 SEE ALSO
|
||||||
|
|
||||||
|
|||||||
@ -248,24 +248,25 @@ the signers certificates.
|
|||||||
|
|
||||||
Create a cleartext signed message:
|
Create a cleartext signed message:
|
||||||
|
|
||||||
openssl smime -sign -in message.txt -text -out mail.msg
|
openssl smime -sign -in message.txt -text -out mail.msg \
|
||||||
-signer mycert.pem
|
-signer mycert.pem
|
||||||
|
|
||||||
Create and opaque signed message
|
Create and opaque signed message
|
||||||
|
|
||||||
openssl smime -sign -in message.txt -text -out mail.msg -nodetach
|
openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
|
||||||
-signer mycert.pem
|
-signer mycert.pem
|
||||||
|
|
||||||
Create a signed message, include some additional certificates and
|
Create a signed message, include some additional certificates and
|
||||||
read the private key from another file:
|
read the private key from another file:
|
||||||
|
|
||||||
openssl smime -sign -in in.txt -text -out mail.msg
|
openssl smime -sign -in in.txt -text -out mail.msg \
|
||||||
-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
|
-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
|
||||||
|
|
||||||
Send a signed message under Unix directly to sendmail, including headers:
|
Send a signed message under Unix directly to sendmail, including headers:
|
||||||
|
|
||||||
openssl smime -sign -in in.txt -text -signer mycert.pem -from steve@openssl.org
|
openssl smime -sign -in in.txt -text -signer mycert.pem \
|
||||||
-to someone@somewhere -subject "Signed message" | sendmail someone@somewhere
|
-from steve@openssl.org -to someone@somewhere \
|
||||||
|
-subject "Signed message" | sendmail someone@somewhere
|
||||||
|
|
||||||
Verify a message and extract the signer's certificate if successful:
|
Verify a message and extract the signer's certificate if successful:
|
||||||
|
|
||||||
@ -273,14 +274,16 @@ Verify a message and extract the signer's certificate if successful:
|
|||||||
|
|
||||||
Send encrypted mail using triple DES:
|
Send encrypted mail using triple DES:
|
||||||
|
|
||||||
openssl smime -encrypt -in in.txt -from steve@openssl.org -to someone@somewhere
|
openssl smime -encrypt -in in.txt -from steve@openssl.org \
|
||||||
-subject "Encrypted message" -des3 user.pem -out mail.msg
|
-to someone@somewhere -subject "Encrypted message" \
|
||||||
|
-des3 user.pem -out mail.msg
|
||||||
|
|
||||||
Sign and encrypt mail:
|
Sign and encrypt mail:
|
||||||
|
|
||||||
openssl smime -sign -in ml.txt -signer my.pem -text | openssl -encrypt -out mail.msg
|
openssl smime -sign -in ml.txt -signer my.pem -text \
|
||||||
-from steve@openssl.org -to someone@somewhere -subject "Signed and Encrypted message"
|
| openssl -encrypt -out mail.msg \
|
||||||
-des3 user.pem
|
-from steve@openssl.org -to someone@somewhere \
|
||||||
|
-subject "Signed and Encrypted message" -des3 user.pem
|
||||||
|
|
||||||
Note: the encryption command does not include the B<-text> option because the message
|
Note: the encryption command does not include the B<-text> option because the message
|
||||||
being encrypted already has MIME headers.
|
being encrypted already has MIME headers.
|
||||||
|
|||||||
@ -336,46 +336,46 @@ line.
|
|||||||
|
|
||||||
Display the contents of a certificate:
|
Display the contents of a certificate:
|
||||||
|
|
||||||
openssl x509 -in cert.pem -noout -text
|
openssl x509 -in cert.pem -noout -text
|
||||||
|
|
||||||
Display the certificate serial number:
|
Display the certificate serial number:
|
||||||
|
|
||||||
openssl x509 -in cert.pem -noout -serial
|
openssl x509 -in cert.pem -noout -serial
|
||||||
|
|
||||||
Display the certificate MD5 fingerprint:
|
Display the certificate MD5 fingerprint:
|
||||||
|
|
||||||
openssl x509 -in cert.pem -noout -fingerprint
|
openssl x509 -in cert.pem -noout -fingerprint
|
||||||
|
|
||||||
Display the certificate SHA1 fingerprint:
|
Display the certificate SHA1 fingerprint:
|
||||||
|
|
||||||
openssl x509 -sha1 -in cert.pem -noout -fingerprint
|
openssl x509 -sha1 -in cert.pem -noout -fingerprint
|
||||||
|
|
||||||
Convert a certificate from PEM to DER format:
|
Convert a certificate from PEM to DER format:
|
||||||
|
|
||||||
openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
|
openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
|
||||||
|
|
||||||
Convert a certificate to a certificate request:
|
Convert a certificate to a certificate request:
|
||||||
|
|
||||||
openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem
|
openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem
|
||||||
|
|
||||||
Convert a certificate request into a self signed certificate using
|
Convert a certificate request into a self signed certificate using
|
||||||
extensions for a CA:
|
extensions for a CA:
|
||||||
|
|
||||||
openssl x509 -req -in careq.pem -config openssl.cnf -extensions v3_ca \
|
openssl x509 -req -in careq.pem -config openssl.cnf -extensions v3_ca \
|
||||||
-signkey key.pem -out cacert.pem
|
-signkey key.pem -out cacert.pem
|
||||||
|
|
||||||
Sign a certificate request using the CA certificate above and add user
|
Sign a certificate request using the CA certificate above and add user
|
||||||
certificate extensions:
|
certificate extensions:
|
||||||
|
|
||||||
openssl x509 -req -in req.pem -config openssl.cnf -extensions v3_usr \
|
openssl x509 -req -in req.pem -config openssl.cnf -extensions v3_usr \
|
||||||
-CA cacert.pem -CAkey key.pem -CAcreateserial
|
-CA cacert.pem -CAkey key.pem -CAcreateserial
|
||||||
|
|
||||||
|
|
||||||
Set a certificate to be trusted for SSL client use and change set its alias to
|
Set a certificate to be trusted for SSL client use and change set its alias to
|
||||||
"Steve's Class 1 CA"
|
"Steve's Class 1 CA"
|
||||||
|
|
||||||
openssl x509 -in cert.pem -addtrust sslclient \
|
openssl x509 -in cert.pem -addtrust sslclient \
|
||||||
-alias "Steve's Class 1 CA" -out trust.pem
|
-alias "Steve's Class 1 CA" -out trust.pem
|
||||||
|
|
||||||
=head1 NOTES
|
=head1 NOTES
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user