提交 1675f6eb 编写于 作者: R Richard Levitte

Let's make all the example formated the same, shall we?

上级 8548d442
......@@ -334,19 +334,19 @@ demoCA/index.txt.
Sign a certificate request:
openssl ca -in req.pem -out newcert.pem
openssl ca -in req.pem -out newcert.pem
Generate a CRL
openssl ca -gencrl -out crl.pem
openssl ca -gencrl -out crl.pem
Sign several requests:
openssl ca -infiles req1.pem req2.pem req3.pem
openssl ca -infiles req1.pem req2.pem req3.pem
Certify a Netscape SPKAC:
openssl ca -spkac spkac.txt
openssl ca -spkac spkac.txt
A sample SPKAC file (the SPKAC line has been truncated for clarity):
......
......@@ -129,23 +129,23 @@ The PEM private key format uses the header and footer lines:
To remove the pass phrase on a DSA private key:
C<openssl dsa -in key.pem -out keyout.pem>
openssl dsa -in key.pem -out keyout.pem
To encrypt a private key using triple DES:
C<openssl dsa -in key.pem -des3 -out keyout.pem>
openssl dsa -in key.pem -des3 -out keyout.pem
To convert a private key from PEM to DER format:
C<openssl dsa -in key.pem -outform DER -out keyout.der>
openssl dsa -in key.pem -outform DER -out keyout.der
To print out the components of a private key to standard output:
C<openssl dsa -in key.pem -text -noout>
openssl dsa -in key.pem -text -noout
To just output the public part of a private key:
C<openssl dsa -in key.pem -pubout -out pubkey.pem>
openssl dsa -in key.pem -pubout -out pubkey.pem
=head1 SEE ALSO
......
......@@ -135,23 +135,23 @@ The PEM private key format uses the header and footer lines:
To remove the pass phrase on an RSA private key:
C<openssl rsa -in key.pem -out keyout.pem>
openssl rsa -in key.pem -out keyout.pem
To encrypt a private key using triple DES:
C<openssl rsa -in key.pem -des3 -out keyout.pem>
openssl rsa -in key.pem -des3 -out keyout.pem
To convert a private key from PEM to DER format:
C<openssl rsa -in key.pem -outform DER -out keyout.der>
openssl rsa -in key.pem -outform DER -out keyout.der
To print out the components of a private key to standard output:
C<openssl rsa -in key.pem -text -noout>
openssl rsa -in key.pem -text -noout
To just output the public part of a private key:
C<openssl rsa -in key.pem -pubout -out pubkey.pem>
openssl rsa -in key.pem -pubout -out pubkey.pem
=head1 SEE ALSO
......
......@@ -248,24 +248,25 @@ the signers certificates.
Create a cleartext signed message:
openssl smime -sign -in message.txt -text -out mail.msg
-signer mycert.pem
openssl smime -sign -in message.txt -text -out mail.msg \
-signer mycert.pem
Create and opaque signed message
openssl smime -sign -in message.txt -text -out mail.msg -nodetach
-signer mycert.pem
openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
-signer mycert.pem
Create a signed message, include some additional certificates and
read the private key from another file:
openssl smime -sign -in in.txt -text -out mail.msg
-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
openssl smime -sign -in in.txt -text -out mail.msg \
-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
Send a signed message under Unix directly to sendmail, including headers:
openssl smime -sign -in in.txt -text -signer mycert.pem -from steve@openssl.org
-to someone@somewhere -subject "Signed message" | sendmail someone@somewhere
openssl smime -sign -in in.txt -text -signer mycert.pem \
-from steve@openssl.org -to someone@somewhere \
-subject "Signed message" | sendmail someone@somewhere
Verify a message and extract the signer's certificate if successful:
......@@ -273,14 +274,16 @@ Verify a message and extract the signer's certificate if successful:
Send encrypted mail using triple DES:
openssl smime -encrypt -in in.txt -from steve@openssl.org -to someone@somewhere
-subject "Encrypted message" -des3 user.pem -out mail.msg
openssl smime -encrypt -in in.txt -from steve@openssl.org \
-to someone@somewhere -subject "Encrypted message" \
-des3 user.pem -out mail.msg
Sign and encrypt mail:
openssl smime -sign -in ml.txt -signer my.pem -text | openssl -encrypt -out mail.msg
-from steve@openssl.org -to someone@somewhere -subject "Signed and Encrypted message"
-des3 user.pem
openssl smime -sign -in ml.txt -signer my.pem -text \
| openssl -encrypt -out mail.msg \
-from steve@openssl.org -to someone@somewhere \
-subject "Signed and Encrypted message" -des3 user.pem
Note: the encryption command does not include the B<-text> option because the message
being encrypted already has MIME headers.
......
......@@ -336,46 +336,46 @@ line.
Display the contents of a certificate:
openssl x509 -in cert.pem -noout -text
openssl x509 -in cert.pem -noout -text
Display the certificate serial number:
openssl x509 -in cert.pem -noout -serial
openssl x509 -in cert.pem -noout -serial
Display the certificate MD5 fingerprint:
openssl x509 -in cert.pem -noout -fingerprint
openssl x509 -in cert.pem -noout -fingerprint
Display the certificate SHA1 fingerprint:
openssl x509 -sha1 -in cert.pem -noout -fingerprint
openssl x509 -sha1 -in cert.pem -noout -fingerprint
Convert a certificate from PEM to DER format:
openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
Convert a certificate to a certificate request:
openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem
openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem
Convert a certificate request into a self signed certificate using
extensions for a CA:
openssl x509 -req -in careq.pem -config openssl.cnf -extensions v3_ca \
-signkey key.pem -out cacert.pem
openssl x509 -req -in careq.pem -config openssl.cnf -extensions v3_ca \
-signkey key.pem -out cacert.pem
Sign a certificate request using the CA certificate above and add user
certificate extensions:
openssl x509 -req -in req.pem -config openssl.cnf -extensions v3_usr \
-CA cacert.pem -CAkey key.pem -CAcreateserial
openssl x509 -req -in req.pem -config openssl.cnf -extensions v3_usr \
-CA cacert.pem -CAkey key.pem -CAcreateserial
Set a certificate to be trusted for SSL client use and change set its alias to
"Steve's Class 1 CA"
openssl x509 -in cert.pem -addtrust sslclient \
-alias "Steve's Class 1 CA" -out trust.pem
openssl x509 -in cert.pem -addtrust sslclient \
-alias "Steve's Class 1 CA" -out trust.pem
=head1 NOTES
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册