X509(1) OpenSSL X509(1)
NAME
    x509 - Certificate display and signing utility
    # Annotation: x509 is the certificate display and signing tool.
SYNOPSIS
    openssl x509 [-inform DER|PEM|NET] [-outform DER|PEM|NET]
    [-keyform DER|PEM] [-CAform DER|PEM] [-CAkeyform DER|PEM]
    [-in filename] [-out filename] [-serial] [-hash] [-subject]
    [-issuer] [-nameopt option] [-email] [-startdate] [-enddate]
    [-purpose] [-dates] [-modulus] [-fingerprint] [-alias] [-noout]
    [-trustout] [-clrtrust] [-clrreject] [-addtrust arg]
    [-addreject arg] [-setalias arg] [-days arg] [-set_serial n]
    [-signkey filename] [-x509toreq] [-req] [-CA filename]
    [-CAkey filename] [-CAcreateserial] [-CAserial filename]
    [-text] [-C] [-md2|-md5|-sha1|-mdc2] [-clrext]
    [-extfile filename] [-extensions section] [-engine id]
DESCRIPTION
    The x509 command is a multi-purpose certificate utility. It can be used to
    display certificate information, convert certificates to various forms,
    sign certificate requests like a "mini CA" or edit certificate trust
    settings.
    # Annotation: x509 is a multi-purpose certificate tool. It can display the
    # contents of a certificate, convert between certificate formats, sign a
    # CSR (acting as a mini CA), or edit a certificate's trust settings.

    Since there are a large number of options they will be split up into
    various sections.
    # Annotation: because there are many options, they are divided into
    # separate sections.
OPTIONS
INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS
    # Annotation: the input, output and general-purpose options follow.

    -inform DER|PEM|NET
        This specifies the input format. Normally the command will expect an
        X509 certificate, but this can change if other options such as -req
        are present. The DER format is the DER encoding of the certificate and
        PEM is the base64 encoding of the DER encoding with header and footer
        lines added. The NET option is an obscure Netscape server format that
        is now obsolete.

    -outform DER|PEM|NET
        This specifies the output format; the options have the same meaning
        as the -inform option.
        # Annotation: -outform can be used to convert the certificate format
        # (DER <-> PEM).

    -in filename
        This specifies the input filename to read a certificate from, or
        standard input if this option is not specified.

    -out filename
        This specifies the output filename to write to, or standard output by
        default.

    -md2|-md5|-sha1|-mdc2
        The digest to use. This affects any signing or display option that
        uses a message digest, such as the -fingerprint, -signkey and -CA
        options. If not specified then MD5 is used. If the key being used to
        sign with is a DSA key then this option has no effect: SHA1 is always
        used with DSA keys.

    -engine id
        Specifying an engine (by its unique id string) will cause x509 to
        attempt to obtain a functional reference to the specified engine, thus
        initialising it if needed. The engine will then be set as the default
        for all available algorithms.
DISPLAY OPTIONS
    # Annotation: the display options are described below.

    Note: the -alias and -purpose options are also display options but are
    described in the TRUST SETTINGS section.
    # Annotation: note that -alias and -purpose are also display options, but
    # they are described under TRUST SETTINGS.

    -text
        Prints out the certificate in text form. Full details are output
        including the public key, signature algorithms, issuer and subject
        names, serial number, any extensions present and any trust settings.
        # Annotation: -text outputs the contents of the certificate in text
        # form.

    -certopt option
        Customise the output format used with -text. The option argument can
        be a single option or multiple options separated by commas. The
        -certopt switch may also be used more than once to set multiple
        options. See the TEXT OPTIONS section for more information.
        # Annotation: -certopt customises the output format of -text. It takes
        # a single option or several options separated by commas, and may be
        # given more than once.

    -noout
        This option prevents output of the encoded version of the request.

    -modulus
        This option prints out the value of the modulus of the public key
        contained in the certificate.

    -serial
        Outputs the certificate serial number.
        # Annotation: -serial outputs the certificate's serial number.

    -hash
        Outputs the "hash" of the certificate subject name. This is used in
        OpenSSL to form an index to allow certificates in a directory to be
        looked up by subject name.
        # Annotation: -hash outputs a hash of the value of the certificate's
        # Subject field. It lets OpenSSL build an index entry for each
        # certificate so that certificates can be looked up easily.

    -subject
        Outputs the subject name.
        # Annotation: -subject outputs the certificate's Subject.

    -issuer
        Outputs the issuer name.
        # Annotation: -issuer outputs the certificate's Issuer.

    -nameopt option
        Option which determines how the subject or issuer names are
        displayed. The option argument can be a single option or multiple
        options separated by commas. Alternatively the -nameopt switch may be
        used more than once to set multiple options. See the NAME OPTIONS
        section for more information.
        # Annotation: -nameopt controls how the Subject or Issuer field is
        # displayed. It takes a single option or several options separated by
        # commas, and may be given more than once.

    -email
        Outputs the email address(es) if any.
        # Annotation: -email outputs the email address(es), if there are any.

    -startdate
        Prints out the start date of the certificate, that is the notBefore
        date.
        # Annotation: -startdate prints the time the certificate becomes
        # valid, i.e. the notBefore date.

    -enddate
        Prints out the expiry date of the certificate, that is the notAfter
        date.
        # Annotation: -enddate prints the certificate's notAfter date.

    -dates
        Prints out the start and expiry dates of a certificate.
        # Annotation: -dates prints the certificate's validity start and end
        # dates.

    -fingerprint
        Prints out the digest of the DER encoded version of the whole
        certificate (see digest options).
        # Annotation: -fingerprint prints the message digest of the whole
        # (DER encoded) certificate.

    -C
        This outputs the certificate in the form of a C source file.
        # Annotation: -C outputs the certificate as C source code.
TRUST SETTINGS
    Please note these options are currently experimental and may well change.
    # Annotation: the options below are still experimental.

    A trusted certificate is an ordinary certificate which has several
    additional pieces of information attached to it such as the permitted and
    prohibited uses of the certificate and an "alias".
    # Annotation: a trusted certificate is an ordinary certificate with some
    # extra information attached, such as the permitted and prohibited uses of
    # the certificate and an alias.

    Normally when a certificate is being verified at least one certificate
    must be "trusted". By default a trusted certificate must be stored locally
    and must be a root CA: any certificate chain ending in this CA is then
    usable for any purpose.
    # Annotation: normally, when a certificate is being verified, at least one
    # certificate in the chain must be trusted by the local host; that trusted
    # certificate must be installed locally and must be a root certificate.
    # Any certificate whose chain ends in that trusted root is then trusted.

    Trust settings currently are only used with a root CA. They allow a finer
    control over the purposes the root CA can be used for. For example a CA
    may be trusted for SSL client but not SSL server use.
    # Annotation: trust settings can currently only be used with a root CA.

    See the description of the verify utility for more information on the
    meaning of trust settings.

    Future versions of OpenSSL will recognize trust settings on any
    certificate: not just root CAs.
    # Annotation: future versions of OpenSSL will recognise trust settings on
    # any certificate, not only root CAs.

    -trustout
        This causes x509 to output a trusted certificate. An ordinary or
        trusted certificate can be input but by default an ordinary
        certificate is output and any trust settings are discarded. With the
        -trustout option a trusted certificate is output. A trusted
        certificate is automatically output if any trust settings are
        modified.
        # Annotation: -trustout makes x509 output a trusted certificate.
        # Normally, whether the input is a trusted or an ordinary certificate,
        # only an ordinary certificate is produced and the trust settings are
        # discarded; with -trustout a trusted certificate is produced.

    -setalias arg
        Sets the alias of the certificate. This will allow the certificate to
        be referred to using a nickname, for example "Steve's Certificate".
        # Annotation: -setalias gives the certificate an alias, allowing the
        # certificate to be referred to by that alias.

    -alias
        Outputs the certificate alias, if any.
        # Annotation: -alias prints the certificate's alias, if it has one.

    -clrtrust
        Clears all the permitted or trusted uses of the certificate.
        # Annotation: -clrtrust clears all of the certificate's trusted uses.

    -clrreject
        Clears all the prohibited or rejected uses of the certificate.
        # Annotation: -clrreject clears the restrictions (rejected uses)
        # placed on the certificate's purposes.

    -addtrust arg
        Adds a trusted certificate use. Any object name can be used here but
        currently only clientAuth (SSL client use), serverAuth (SSL server
        use) and emailProtection (S/MIME email) are used. Other OpenSSL
        applications may define additional uses.
        # Annotation: -addtrust adds a permitted use to the certificate. The
        # choices are clientAuth (SSL client use), serverAuth (SSL server use)
        # and emailProtection (S/MIME).

    -addreject arg
        Adds a prohibited use. It accepts the same values as the -addtrust
        option.
        # Annotation: -addreject adds a prohibited use to the certificate.

    -purpose
        This option performs tests on the certificate extensions and outputs
        the results. For a more complete description see the CERTIFICATE
        EXTENSIONS section.
        # Annotation: -purpose prints what the certificate may be used for.
SIGNING OPTIONS
    The x509 utility can be used to sign certificates and requests: it can
    thus behave like a "mini CA".
    # Annotation: the signing options are described below. The x509 subcommand
    # can sign certificates and requests, i.e. play the role of a mini CA.

    -signkey filename
        This option causes the input file to be self signed using the
        supplied private key.
        # Annotation: -signkey specifies the private key used for signing; in
        # effect this produces a self-signed certificate.

        If the input file is a certificate it sets the issuer name to the
        subject name (i.e. makes it self signed), changes the public key to
        the supplied value and changes the start and end dates. The start date
        is set to the current time and the end date is set to a value
        determined by the -days option. Any certificate extensions are
        retained unless the -clrext option is supplied.
        # Annotation: if the input file is a certificate, the issuer is set to
        # the subject, i.e. the certificate signs itself. The public key is
        # replaced (by the one belonging to the private key given with
        # -signkey) and the start/end dates are changed: the start date is the
        # current time and the end date comes from -days. Certificate
        # extensions are retained unless -clrext is given.

        If the input is a certificate request then a self signed certificate
        is created using the supplied private key using the subject name in
        the request.
        # Annotation: if the input is a CSR, a self-signed certificate is
        # created.

    -clrext
        Delete any extensions from a certificate. This option is used when a
        certificate is being created from another certificate (for example
        with the -signkey or the -CA options). Normally all extensions are
        retained.
        # Annotation: -clrext deletes all extensions from a certificate.

    -keyform PEM|DER
        Specifies the format (DER or PEM) of the private key file used in the
        -signkey option.
        # Annotation: -keyform specifies the format of the key given with
        # -signkey: PEM or DER.

    -days arg
        Specifies the number of days to make a certificate valid for. The
        default is 30 days.
        # Annotation: -days sets the certificate's validity period.

    -x509toreq
        Converts a certificate into a certificate request. The -signkey option
        is used to pass the required private key.
        # Annotation: -x509toreq converts a certificate "back" into a CSR.
        # Note that this option requires -signkey.

    -req
        By default a certificate is expected on input. With this option a
        certificate request is expected instead.
        # Annotation: by default the x509 subcommand operates on a
        # certificate, i.e. it expects a certificate as input. With -req the
        # input is a CSR, from which a self-signed certificate is produced.

    -set_serial n
        Specifies the serial number to use. This option can be used with
        either the -signkey or -CA options. If used in conjunction with the
        -CA option the serial number file (as specified by the -CAserial or
        -CAcreateserial options) is not used.
        # Annotation: -set_serial sets the certificate's serial number.

        The serial number can be decimal or hex (if preceded by 0x). Negative
        serial numbers can also be specified but their use is not
        recommended.

    -CA filename
        Specifies the CA certificate to be used for signing. When this option
        is present x509 behaves like a "mini CA". The input file is signed by
        this CA using this option: that is its issuer name is set to the
        subject name of the CA and it is digitally signed using the CA's
        private key.
        # Annotation: -CA specifies the CA certificate used for signing. When
        # this option is given, the x509 subcommand plays the role of a mini
        # CA: the input file is signed by that CA, its issuer is set to the
        # subject name of the CA certificate, and it is signed with the CA's
        # private key.
        # Addendum: a self-signed certificate is not the same as a certificate
        # signed by a mini CA. The former certifies itself; for the latter,
        # although you created the CA yourself, there is still an "authority"
        # certifying it, and that authority can certify many certificates,
        # whereas a self-signed certificate only certifies itself.

        This option is normally combined with the -req option. Without the
        -req option the input is a certificate which must be self signed.
        # Annotation: this option is normally used together with -req; without
        # -req the input file must be a self-signed certificate.

    -CAkey filename
        Sets the CA private key to sign a certificate with. If this option is
        not specified then it is assumed that the CA private key is present
        in the CA certificate file.
        # Annotation: -CAkey specifies the CA's private key used to sign the
        # certificate. If it is not given, the CA private key is assumed to be
        # in the CA certificate file (-CA).

    -CAserial filename
        Sets the CA serial number file to use.
        # Annotation: -CAserial sets the CA serial number file to use.

        When the -CA option is used to sign a certificate it uses a serial
        number specified in a file. This file consists of one line containing
        an even number of hex digits with the serial number to use. After each
        use the serial number is incremented and written out to the file
        again.
        # Annotation: when -CA is used to sign a certificate, the serial
        # number is read from the file given by this option; after the
        # signature is made the value is incremented by 1 and written back.
        # The file has a single line containing an even number of hex digits.

        The default filename consists of the CA certificate file base name
        with ".srl" appended. For example if the CA certificate file is
        called "mycacert.pem" it expects to find a serial number file called
        "mycacert.srl".
        # Annotation: the default serial number file is the CA certificate's
        # file name with .pem replaced by .srl.

    -CAcreateserial
        With this option the CA serial number file is created if it does not
        exist: it will contain the serial number "02" and the certificate
        being signed will have the 1 as its serial number. Normally if the -CA
        option is specified and the serial number file does not exist it is
        an error.
        # Annotation: -CAcreateserial creates the serial number file if it
        # does not exist. The file starts at the value 02 and the certificate
        # being signed gets serial number 1. Normally, if -CA is given but the
        # serial number file does not exist, an error is reported.
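The serial-file rules above (-CAserial, -CAcreateserial and -set_serial), modelled in Python as an added example that is not OpenSSL's own code; the CA file name "mycacert.pem" and the scratch directory are constructed for the demonstration, no real CA certificate is involved:

```python
"""Model of the -CAserial / -CAcreateserial / -set_serial rules described
above.  Added example, not OpenSSL's own code: it re-implements the documented
serial-file handling so it can be exercised offline."""
import os
import re
import tempfile

HEX_DIGITS = re.compile(r"^[0-9A-Fa-f]+$")


def default_serial_file(ca_cert_path: str) -> str:
    """'mycacert.pem' -> 'mycacert.srl' (CA certificate base name + '.srl')."""
    base, _ext = os.path.splitext(ca_cert_path)
    return base + ".srl"


def format_serial(n: int) -> str:
    """Serial file line: hex digits padded to an even count (1 -> '01')."""
    digits = format(n, "X")
    return "0" + digits if len(digits) % 2 else digits


def parse_serial_line(line: str) -> int:
    """The file holds one line with an even number of hex digits; reject anything else."""
    line = line.strip()
    if not HEX_DIGITS.match(line) or len(line) % 2:
        raise ValueError(f"bad serial file contents {line!r}: need an even number of hex digits")
    return int(line, 16)


def next_serial(ca_cert_path: str, serial_file: str = None,
                create: bool = False, set_serial: int = None) -> int:
    """Return the serial number the certificate being signed will receive.

    set_serial  (-set_serial n)  : used as given; the serial file is not touched.
    serial_file (-CAserial file) : overrides the default '<CA base name>.srl'.
    create      (-CAcreateserial): a missing file means serial 1 for this
                                   certificate and a new file containing '02'.
    Without create, a missing serial file is an error, as the man page states.
    """
    if set_serial is not None:
        return set_serial
    path = serial_file or default_serial_file(ca_cert_path)
    if os.path.exists(path):
        with open(path) as fh:
            serial = parse_serial_line(fh.readline())
    elif create:
        serial = 1
    else:
        raise FileNotFoundError(f"serial file {path} does not exist (use -CAcreateserial)")
    # After each use the serial number is incremented and written back.
    with open(path, "w") as fh:
        fh.write(format_serial(serial + 1) + "\n")
    return serial


def demo_sequence() -> dict:
    """Sign three certificates against a constructed CA file name in a scratch
    directory (no real CA certificate is needed) and report what happened."""
    workdir = tempfile.mkdtemp()
    ca = os.path.join(workdir, "mycacert.pem")      # constructed path
    srl = default_serial_file(ca)
    out = {"serial_file": os.path.basename(srl)}
    try:
        next_serial(ca)                              # no file, no -CAcreateserial
    except FileNotFoundError:
        out["missing_is_error"] = True
    out["serials"] = [next_serial(ca, create=True), next_serial(ca), next_serial(ca)]
    with open(srl) as fh:
        out["file_after"] = fh.read().strip()
    out["explicit"] = next_serial(ca, set_serial=0x1000)   # -set_serial 0x1000
    with open(srl) as fh:
        out["file_after_set_serial"] = fh.read().strip()
    return out


if __name__ == "__main__":
    print(demo_sequence())
```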
    -extfile filename
        File containing certificate extensions to use. If not specified then
        no extensions are added to the certificate.
        # Annotation: -extfile specifies a file containing certificate
        # extension information. If this option is not given, no extensions
        # are added.

    -extensions section
        The section to add certificate extensions from. If this option is not
        specified then the extensions should either be contained in the
        unnamed (default) section or the default section should contain a
        variable called "extensions" which contains the section to use.
NAME OPTIONS
    The nameopt command line switch determines how the subject and issuer
    names are displayed. If no nameopt switch is present the default
    "oneline" format is used which is compatible with previous versions of
    OpenSSL. Each option is described in detail below; all options can be
    preceded by a - to turn the option off. Only the first four will normally
    be used.
    # Annotation: the name options supplement the display options above. They
    # control how the Subject and Issuer fields are displayed; if no name
    # option is given, the default "one line" format is used. Each option
    # below can be prefixed with - to turn it off. Normally only the first
    # four formats are used.

    compat
        Use the old format. This is equivalent to specifying no name options
        at all.
        # Annotation: compat uses the old format, i.e. the "one line" format.

    RFC2253
        Displays names compatible with RFC2253, equivalent to esc_2253,
        esc_ctrl, esc_msb, utf8, dump_nostr, dump_unknown, dump_der,
        sep_comma_plus, dn_rev and sname.
        # Annotation: RFC2253 displays names compatible with RFC2253; it is
        # equivalent to esc_2253, esc_ctrl, esc_msb, utf8, dump_nostr,
        # dump_unknown, dump_der, sep_comma_plus, dn_rev and sname. These
        # options are explained below.

    oneline
        A one-line format which is more readable than RFC2253. It is
        equivalent to specifying the esc_2253, esc_ctrl, esc_msb, utf8,
        dump_nostr, dump_der, use_quote, sep_comma_plus_spc, spc_eq and sname
        options.
        # Annotation: oneline is a single-line format that is easier to read
        # than RFC 2253. It is equivalent to the esc_2253, esc_ctrl, esc_msb,
        # utf8, dump_nostr, dump_der, use_quote, sep_comma_plus_spc, spc_eq
        # and sname options.

    multiline
        A multiline format. It is equivalent to esc_ctrl, esc_msb,
        sep_multiline, spc_eq, lname and align.
        # Annotation: multiline is, as the name says, a multi-line format,
        # equivalent to esc_ctrl, esc_msb, sep_multiline, spc_eq, lname and
        # align.

    esc_2253
        Escape the "special" characters required by RFC2253 in a field, that
        is ,+"<>;. Additionally # is escaped at the beginning of a string and
        a space character at the beginning or end of a string.
        # Annotation: esc_2253 escapes the special characters "," "+" '"' "<"
        # ">" ";". A "#" at the start of a string is also escaped, as are
        # spaces at the start or end of a string.

    esc_ctrl
        Escape control characters, that is those with ASCII values less than
        0x20 (space) and the delete (0x7f) character. They are escaped using
        the RFC2253 \XX notation (where XX are two hex digits representing the
        character value).
        # Annotation: esc_ctrl escapes control characters, i.e. those with an
        # ASCII value below 0x20, plus the delete character (0x7f). They are
        # escaped in the \XX form.

    esc_msb
        Escape characters with the MSB set, that is with ASCII values larger
        than 127.

    use_quote
        Escapes some characters by surrounding the whole string with "
        characters; without the option all escaping is done with the \
        character.

    utf8
        Convert all strings to UTF8 format first. This is required by
        RFC2253. If you are lucky enough to have a UTF8 compatible terminal
        then the use of this option (and not setting esc_msb) may result in
        the correct display of multibyte (international) characters. If this
        option is not present then multibyte characters larger than 0xff will
        be represented using the format \UXXXX for 16 bits and \WXXXXXXXX for
        32 bits. Also if this option is off any UTF8Strings will be converted
        to their character form first.

    no_type
        This option does not attempt to interpret multibyte characters in any
        way. That is their content octets are merely dumped as though one
        octet represents each character. This is useful for diagnostic
        purposes but will result in rather odd looking output.

    show_type
        Show the type of the ASN1 character string. The type precedes the
        field contents. For example "BMPSTRING: Hello World".

    dump_der
        When this option is set any fields that need to be hexdumped will be
        dumped using the DER encoding of the field. Otherwise just the
        content octets will be displayed. Both options use the RFC2253
        #XXXX... format.

    dump_nostr
        Dump non character string types (for example OCTET STRING). If this
        option is not set then non character string types will be displayed
        as though each content octet represents a single character.

    dump_all
        Dump all fields. This option when used with dump_der allows the DER
        encoding of the structure to be unambiguously determined.

    dump_unknown
        Dump any field whose OID is not recognised by OpenSSL.

    sep_comma_plus, sep_comma_plus_space, sep_semi_plus_space, sep_multiline
        These options determine the field separators. The first character is
        between RDNs and the second between multiple AVAs (multiple AVAs are
        very rare and their use is discouraged). The options ending in
        "space" additionally place a space after the separator to make it
        more readable. The sep_multiline uses a linefeed character for the RDN
        separator and a spaced + for the AVA separator. It also indents the
        fields by four characters.

    dn_rev
        Reverse the fields of the DN. This is required by RFC2253. As a side
        effect this also reverses the order of multiple AVAs but this is
        permissible.

    nofname, sname, lname, oid
        These options alter how the field name is displayed. nofname does not
        display the field at all. sname uses the "short name" form (CN for
        commonName for example). lname uses the long form. oid represents the
        OID in numerical form and is useful for diagnostic purpose.

    align
        Align field values for a more readable output. Only usable with
        sep_multiline.

    spc_eq
        Places spaces round the = character which follows the field name.
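The escaping, separator, ordering and field-name options above, modelled in Python on a constructed DN, as an added example that is not OpenSSL's own code; the sample DN, the short-name table and the preset bundles are assumptions made for the demonstration (dump_* and use_quote are not modelled):

```python
"""Toy re-implementation of the -nameopt behaviour described under NAME
OPTIONS.  Added example, not OpenSSL's own code: it models esc_2253, esc_ctrl,
esc_msb, the sep_* separators, dn_rev, sname/lname, spc_eq and align, and the
compat, RFC2253, oneline and multiline presets, on a constructed DN."""
from typing import Dict, List, Tuple

# A DN is a list of RDNs; each RDN is a list of (attribute, value) AVAs.
DN = List[List[Tuple[str, str]]]

# sname table for the attribute types used in the sample (lname uses the key).
SHORT = {"countryName": "C", "organizationName": "O",
         "organizationalUnitName": "OU", "commonName": "CN"}

# The RFC 2253 specials the page lists (,+"<>;) plus backslash, which
# RFC 2253 also requires to be escaped.
RFC2253_SPECIAL = set(',+"<>;\\')


def esc_2253(value: str) -> str:
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        special = ch in RFC2253_SPECIAL or (ch == "#" and i == 0) \
            or (ch == " " and i in (0, last))
        out.append("\\" + ch if special else ch)
    return "".join(out)


def esc_ctrl(value: str) -> str:
    """Control characters (< 0x20) and DEL (0x7f) become \\XX."""
    return "".join(f"\\{ord(c):02X}" if ord(c) < 0x20 or ord(c) == 0x7F else c
                   for c in value)


def esc_msb(value: str) -> str:
    """Bytes with the MSB set (> 127) in the UTF-8 encoding become \\XX."""
    return "".join(f"\\{b:02X}" if b > 127 else chr(b) for b in value.encode("utf-8"))


def escape_value(value: str, rfc2253: bool) -> str:
    return esc_msb(esc_ctrl(esc_2253(value) if rfc2253 else value))


# The option bundles the page gives for each preset (dump_* and use_quote are
# not needed for plain printable strings and are left out of the model).
PRESETS: Dict[str, dict] = {
    "RFC2253": dict(esc_2253=True, sep=",", ava_sep="+", dn_rev=True,
                    spc_eq=False, lname=False, align=False),
    "oneline": dict(esc_2253=True, sep=", ", ava_sep=" + ", dn_rev=False,
                    spc_eq=True, lname=False, align=False),
    "multiline": dict(esc_2253=False, sep="\n", ava_sep=" + ", dn_rev=False,
                      spc_eq=True, lname=True, align=True),
}


def format_dn(dn: DN, preset: str = "compat") -> str:
    if preset == "compat":
        # The old "/C=GB/O=.../CN=..." format: no escaping, no reordering.
        return "".join("/" + "+".join(f"{SHORT.get(a, a)}={v}" for a, v in rdn)
                       for rdn in dn)
    o = PRESETS[preset]
    rdns = list(reversed(dn)) if o["dn_rev"] else list(dn)
    name = (lambda a: a) if o["lname"] else (lambda a: SHORT.get(a, a))
    eq = " = " if o["spc_eq"] else "="
    # align pads every field name to the longest one (only with sep_multiline).
    width = max(len(name(a)) for rdn in rdns for a, _ in rdn) if o["align"] else 0
    parts = [o["ava_sep"].join(f"{name(a).ljust(width)}{eq}{escape_value(v, o['esc_2253'])}"
                               for a, v in rdn) for rdn in rdns]
    if preset == "multiline":
        parts = ["    " + p for p in parts]      # sep_multiline indents by four
    return o["sep"].join(parts)


# Constructed sample DN (not taken from any real certificate): it carries a
# comma, a control character and a non-ASCII character to exercise the escapes.
SAMPLE_DN: DN = [[("countryName", "GB")],
                 [("organizationName", "Acme, Inc.")],
                 [("commonName", "Zo\u00eb\x01")]]

if __name__ == "__main__":
    for preset in ("compat", "RFC2253", "oneline", "multiline"):
        print(f"{preset}:\n{format_dn(SAMPLE_DN, preset)}")
```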
TEXT OPTIONS
    As well as customising the name output format, it is also possible to
    customise the actual fields printed using the certopt options when the
    text option is present. The default behaviour is to print all fields.

    compatible
        Use the old format. This is equivalent to specifying no output options
        at all.

    no_header
        Don't print header information: that is the lines saying
        "Certificate" and "Data".

    no_version
        Don't print out the version number.

    no_serial
        Don't print out the serial number.

    no_signame
        Don't print out the signature algorithm used.

    no_validity
        Don't print the validity, that is the notBefore and notAfter fields.

    no_subject
        Don't print out the subject name.

    no_issuer
        Don't print out the issuer name.

    no_pubkey
        Don't print out the public key.

    no_sigdump
        Don't give a hexadecimal dump of the certificate signature.

    no_aux
        Don't print out certificate trust information.

    no_extensions
        Don't print out any X509V3 extensions.

    ext_default
        Retain default extension behaviour: attempt to print out unsupported
        certificate extensions.

    ext_error
        Print an error message for unsupported certificate extensions.

    ext_parse
        ASN1 parse unsupported extensions.

    ext_dump
        Hex dump unsupported extensions.

    ca_default
        The value used by the ca utility, equivalent to no_issuer, no_pubkey,
        no_header, no_version, no_sigdump and no_signame.
EXAMPLES
    Note: in these examples the '\' means the example should be all on one
    line.

    Display the contents of a certificate:
    # Annotation: the following command displays the contents of a
    # certificate. Note that the input is a certificate, not a CSR.

        openssl x509 -in cert.pem -noout -text

    Display the certificate serial number:
    # Annotation: the following command outputs only the certificate's serial
    # number.

        openssl x509 -in cert.pem -noout -serial

    Display the certificate subject name:
    # Annotation: the following command shows only the certificate's subject
    # name.

        openssl x509 -in cert.pem -noout -subject

    Display the certificate subject name in RFC2253 form:
    # Annotation: the following command shows only the subject name, in
    # RFC2253 format.

        openssl x509 -in cert.pem -noout -subject -nameopt RFC2253

    Display the certificate subject name in oneline form on a terminal
    supporting UTF8:
    # Annotation: the following command displays a certificate's subject name
    # in UTF8.

        openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb

    Display the certificate MD5 fingerprint:
    # Annotation: the following displays a certificate's fingerprint.

        openssl x509 -in cert.pem -noout -fingerprint

    Display the certificate SHA1 fingerprint:
    # Annotation: the following command displays a certificate's fingerprint
    # with the digest computed using SHA1.

        openssl x509 -sha1 -in cert.pem -noout -fingerprint

    Convert a certificate from PEM to DER format:
    # Annotation: the following command converts a certificate's format (from
    # PEM to DER).

        openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER

    Convert a certificate to a certificate request:
    # Annotation: the following command converts a certificate into a CSR.

        openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem

    Convert a certificate request into a self signed certificate using
    extensions for a CA:

        openssl x509 -req -in careq.pem -extfile openssl.cnf \
            -extensions v3_ca -signkey key.pem -out cacert.pem

    Sign a certificate request using the CA certificate above and add user
    certificate extensions:
    # Annotation: the following command signs a CSR with a CA certificate and
    # adds user certificate extensions.

        openssl x509 -req -in req.pem -extfile openssl.cnf \
            -extensions v3_usr -CA cacert.pem -CAkey key.pem -CAcreateserial

    Set a certificate to be trusted for SSL client use and set its alias to
    "Steve's Class 1 CA":

        openssl x509 -in cert.pem -addtrust clientAuth \
            -setalias "Steve's Class 1 CA" -out trust.pem
NOTES
    The PEM format uses the header and footer lines:

        -----BEGIN CERTIFICATE-----
        -----END CERTIFICATE-----

    It will also handle files containing:

        -----BEGIN X509 CERTIFICATE-----
        -----END X509 CERTIFICATE-----

    Trusted certificates have the lines

        -----BEGIN TRUSTED CERTIFICATE-----
        -----END TRUSTED CERTIFICATE-----

    The conversion to UTF8 format used with the name options assumes that
    T61Strings use the ISO8859-1 character set. This is wrong but Netscape
    and MSIE do this as do many certificates. So although this is incorrect
    it is more likely to display the majority of certificates correctly.

    The -fingerprint option takes the digest of the DER encoded certificate.
    This is commonly called a "fingerprint". Because of the nature of message
    digests the fingerprint of a certificate is unique to that certificate
    and two certificates with the same fingerprint can be considered to be
    the same.

    The Netscape fingerprint uses MD5 whereas MSIE uses SHA1.

    The -email option searches the subject name and the subject alternative
    name extension. Only unique email addresses will be printed out: it will
    not print the same address more than once.
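The PEM header forms listed above, the PEM to DER conversion and the fingerprint computation, modelled in Python as an added example that is not OpenSSL's own code; the DER bytes used as a sample are a constructed stand-in, not a real certificate:

```python
"""PEM handling and fingerprints as described under NOTES and -fingerprint.
Added example, not OpenSSL's own code: it accepts the three header/footer label
pairs the page lists, converts to DER (what -outform DER writes) and formats
the digest the way 'openssl x509 -fingerprint' prints it.  The MD5 default
follows this (0.9.7) man page; -sha1 selects SHA1."""
import base64
import hashlib
import re
from typing import Tuple

# Labels x509 reads.  TRUSTED CERTIFICATE marks a certificate carrying trust
# settings, i.e. what -trustout produces.
LABELS = ("CERTIFICATE", "X509 CERTIFICATE", "TRUSTED CERTIFICATE")
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END ([A-Z0-9 ]+)-----", re.S)


def pem_to_der(pem: str) -> Tuple[bytes, bool]:
    """Return (DER bytes, is_trusted); reject unknown or mismatched labels."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM block found")
    begin, body, end = m.group(1), m.group(2), m.group(3)
    if begin != end:
        raise ValueError(f"BEGIN/END label mismatch: {begin!r} vs {end!r}")
    if begin not in LABELS:
        raise ValueError(f"unsupported PEM label {begin!r}")
    der = base64.b64decode("".join(body.split()), validate=True)
    return der, begin == "TRUSTED CERTIFICATE"


def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    """PEM = base64 of the DER in 64-column lines between the header/footer."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def fingerprint(der: bytes, digest: str = "md5") -> str:
    """Digest of the whole DER encoding, printed as AB:CD:... (md5 or sha1)."""
    if digest not in ("md5", "sha1"):
        raise ValueError("this model supports md5 (default) and sha1 only")
    return ":".join(f"{b:02X}" for b in hashlib.new(digest, der).digest())


def pem_fingerprint(pem: str, digest: str = "md5") -> str:
    """What 'openssl x509 -in cert.pem -noout -fingerprint [-sha1]' computes."""
    der, _trusted = pem_to_der(pem)
    return fingerprint(der, digest)


# Constructed stand-in for a certificate body (a real DER certificate is far
# larger); the fingerprint logic does not depend on its contents.
SAMPLE_DER = bytes.fromhex("3003020101")

if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    print(pem)
    print("MD5 Fingerprint=" + pem_fingerprint(pem))
    print("SHA1 Fingerprint=" + pem_fingerprint(pem, "sha1"))
```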
CERTIFICATE EXTENSIONS
    The -purpose option checks the certificate extensions and determines what
    the certificate can be used for. The actual checks done are rather
    complex and include various hacks and workarounds to handle broken
    certificates and software.

    The same code is used when verifying untrusted certificates in chains so
    this section is useful if a chain is rejected by the verify code.

    The basicConstraints extension CA flag is used to determine whether the
    certificate can be used as a CA. If the CA flag is true then it is a CA,
    if the CA flag is false then it is not a CA. All CAs should have the CA
    flag set to true.

    If the basicConstraints extension is absent then the certificate is
    considered to be a "possible CA"; other extensions are checked according
    to the intended use of the certificate. A warning is given in this case
    because the certificate should really not be regarded as a CA: however it
    is allowed to be a CA to work around some broken software.

    If the certificate is a V1 certificate (and thus has no extensions) and
    it is self signed it is also assumed to be a CA but a warning is again
    given: this is to work around the problem of Verisign roots which are V1
    self signed certificates.

    If the keyUsage extension is present then additional restraints are made
    on the uses of the certificate. A CA certificate must have the
    keyCertSign bit set if the keyUsage extension is present.

    The extended key usage extension places additional restrictions on the
    certificate uses. If this extension is present (whether critical or not)
    the key can only be used for the purposes specified.

    A complete description of each test is given below. The comments about
    basicConstraints and keyUsage and V1 certificates above apply to all CA
    certificates.

    SSL Client
        The extended key usage extension must be absent or include the "web
        client authentication" OID. keyUsage must be absent or it must have
        the digitalSignature bit set. Netscape certificate type must be absent
        or it must have the SSL client bit set.

    SSL Client CA
        The extended key usage extension must be absent or include the "web
        client authentication" OID. Netscape certificate type must be absent
        or it must have the SSL CA bit set: this is used as a work around if
        the basicConstraints extension is absent.

    SSL Server
        The extended key usage extension must be absent or include the "web
        server authentication" and/or one of the SGC OIDs. keyUsage must be
        absent or it must have the digitalSignature, the keyEncipherment set
        or both bits set. Netscape certificate type must be absent or have
        the SSL server bit set.

    SSL Server CA
        The extended key usage extension must be absent or include the "web
        server authentication" and/or one of the SGC OIDs. Netscape
        certificate type must be absent or the SSL CA bit must be set: this
        is used as a work around if the basicConstraints extension is absent.

    Netscape SSL Server
        For Netscape SSL clients to connect to an SSL server it must have the
        keyEncipherment bit set if the keyUsage extension is present. This
        isn't always valid because some cipher suites use the key for digital
        signing. Otherwise it is the same as a normal SSL server.

    Common S/MIME Client Tests
        The extended key usage extension must be absent or include the "email
        protection" OID. Netscape certificate type must be absent or should
        have the S/MIME bit set. If the S/MIME bit is not set in netscape
        certificate type then the SSL client bit is tolerated as an
        alternative but a warning is shown: this is because some Verisign
        certificates don't set the S/MIME bit.

    S/MIME Signing
        In addition to the common S/MIME client tests the digitalSignature
        bit must be set if the keyUsage extension is present.

    S/MIME Encryption
        In addition to the common S/MIME tests the keyEncipherment bit must be
        set if the keyUsage extension is present.

    S/MIME CA
        The extended key usage extension must be absent or include the "email
        protection" OID. Netscape certificate type must be absent or must
        have the S/MIME CA bit set: this is used as a work around if the
        basicConstraints extension is absent.

    CRL Signing
        The keyUsage extension must be absent or it must have the CRL signing
        bit set.

    CRL Signing CA
        The normal CA tests apply, except in this case the basicConstraints
        extension must be present.
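The purpose tests described in this section, modelled in Python as an added example that is not OpenSSL's own code; the CertExts summary, the purpose names and the labels used for key usage bits, EKU names and nsCertType bits are constructed for the model, and the sample certificates are hand-built, not parsed from real files:

```python
"""Model of the -purpose tests described under CERTIFICATE EXTENSIONS.  Added
example, not OpenSSL's own code: it applies the rules as the page states them
to a hand-built summary of a certificate's extensions and returns the verdict
plus any warnings, mirroring the lines 'openssl x509 -purpose' prints."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class CertExts:
    """Constructed stand-in for a parsed certificate. None = extension absent;
    a set holds the key usage bits / EKU names / nsCertType bits present."""
    version: int = 3
    self_signed: bool = False
    basic_constraints_ca: Optional[bool] = None
    key_usage: Optional[Set[str]] = None
    ext_key_usage: Optional[Set[str]] = None
    ns_cert_type: Optional[Set[str]] = None


SGC = {"nsSGC", "msSGC"}   # Server Gated Crypto OIDs accepted beside serverAuth
PURPOSES = ("sslclient", "sslclient_ca", "sslserver", "sslserver_ca", "nssslserver",
            "smimesign", "smimeencrypt", "smime_ca", "crlsign", "crlsign_ca")


def allows(ext: Optional[Set[str]], wanted: Set[str]) -> bool:
    """An absent extension permits everything; a present one must contain a wanted value."""
    return ext is None or bool(ext & wanted)


def check_ca(c: CertExts) -> Tuple[bool, Optional[str]]:
    """basicConstraints / keyUsage / V1 rules that apply to every CA purpose."""
    if c.key_usage is not None and "keyCertSign" not in c.key_usage:
        return False, None
    if c.basic_constraints_ca is not None:
        return c.basic_constraints_ca, None
    if c.version == 1 and c.self_signed:
        return True, "V1 self-signed certificate assumed to be a CA"
    return True, "basicConstraints absent: treated as a possible CA"


def check_purpose(c: CertExts, purpose: str) -> Tuple[bool, List[str]]:
    warnings: List[str] = []
    eku, ku, ns = c.ext_key_usage, c.key_usage, c.ns_cert_type
    if purpose == "sslclient":
        ok = allows(eku, {"clientAuth"}) and allows(ku, {"digitalSignature"}) \
            and allows(ns, {"client"})
    elif purpose in ("sslserver", "nssslserver"):
        # Netscape SSL clients need keyEncipherment whenever keyUsage is present.
        bits = {"keyEncipherment"} if purpose == "nssslserver" \
            else {"digitalSignature", "keyEncipherment"}
        ok = allows(eku, {"serverAuth"} | SGC) and allows(ku, bits) and allows(ns, {"server"})
    elif purpose in ("smimesign", "smimeencrypt"):
        bits = {"digitalSignature"} if purpose == "smimesign" else {"keyEncipherment"}
        ok = allows(eku, {"emailProtection"}) and allows(ku, bits)
        if ok and ns is not None and "email" not in ns:
            # Some certificates set only the SSL client bit: tolerated with a warning.
            ok = "client" in ns
            if ok:
                warnings.append("nsCertType has no S/MIME bit; SSL client bit tolerated")
    elif purpose == "crlsign":
        ok = allows(ku, {"cRLSign"})
    elif purpose.endswith("_ca"):
        ok, warn = check_ca(c)
        if warn:
            warnings.append(warn)
        if purpose == "sslclient_ca":
            ok = ok and allows(eku, {"clientAuth"}) and allows(ns, {"sslCA"})
        elif purpose == "sslserver_ca":
            ok = ok and allows(eku, {"serverAuth"} | SGC) and allows(ns, {"sslCA"})
        elif purpose == "smime_ca":
            ok = ok and allows(eku, {"emailProtection"}) and allows(ns, {"emailCA"})
        elif purpose == "crlsign_ca":
            ok = ok and c.basic_constraints_ca is not None   # must be present here
        else:
            raise ValueError(purpose)
    else:
        raise ValueError(purpose)
    return ok, warnings


def report(c: CertExts) -> Dict[str, Tuple[bool, List[str]]]:
    """Verdict for every purpose, like the block 'openssl x509 -purpose' prints."""
    return {p: check_purpose(c, p) for p in PURPOSES}


if __name__ == "__main__":
    # Constructed examples: a typical leaf server certificate and a V1 self-signed root.
    leaf = CertExts(basic_constraints_ca=False, key_usage={"digitalSignature", "keyEncipherment"},
                    ext_key_usage={"serverAuth"})
    for name, cert in (("leaf", leaf), ("v1 root", CertExts(version=1, self_signed=True))):
        for purpose, (ok, warns) in report(cert).items():
            print(f"{name:8} {purpose:14} {'Yes' if ok else 'No'} {' '.join(warns)}")
```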
BUGS
    Extensions in certificates are not transferred to certificate requests
    and vice versa.

    It is possible to produce invalid certificates or requests by specifying
    the wrong private key or using inconsistent options in some cases: these
    should be checked.

    There should be options to explicitly set such things as start and end
    dates rather than an offset from the current time.

    The code to implement the verify behaviour described in the TRUST
    SETTINGS is currently being developed. It thus describes the intended
    behaviour rather than the current behaviour. It is hoped that it will
    represent reality in OpenSSL 0.9.5 and later.
SEE ALSO
    req(1), ca(1), genrsa(1), gendsa(1), verify(1)
0.9.7a 2003-01-30 X509(1)