X509(1)                             OpenSSL                            X509(1)



NAME

       x509 - Certificate display and signing utility

SYNOPSIS

       openssl x509 [-inform DER|PEM|NET] [-outform DER|PEM|NET] [-keyform
       DER|PEM] [-CAform DER|PEM] [-CAkeyform DER|PEM] [-in filename] [-out
       filename] [-serial] [-hash] [-subject_hash] [-issuer_hash] [-subject]
       [-issuer] [-nameopt option] [-email] [-startdate] [-enddate] [-purpose]
       [-dates] [-modulus] [-fingerprint] [-alias] [-noout] [-trustout]
       [-clrtrust] [-clrreject] [-addtrust arg] [-addreject arg] [-setalias
       arg] [-days arg] [-set_serial n] [-signkey filename] [-x509toreq]
       [-req] [-CA filename] [-CAkey filename] [-CAcreateserial] [-CAserial
       filename] [-text] [-C] [-md2|-md5|-sha1|-mdc2] [-clrext] [-extfile
       filename] [-extensions section] [-engine id]

DESCRIPTION

       The x509 command is a multi purpose certificate utility. It can be used
       to display certificate information, convert certificates to various
       forms, sign certificate requests like a "mini CA" or edit certificate
       trust settings.

       Since there are a large number of options they are split up into
       various sections.


OPTIONS

       INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS

       -inform DER|PEM|NET
           This specifies the input format. Normally the command will expect
           an X509 certificate but this can change if other options such as
           -req are present. The DER format is the DER encoding of the
           certificate and PEM is the base64 encoding of the DER encoding with
           header and footer lines added. The NET option is an obscure
           Netscape server format that is now obsolete.

       -outform DER|PEM|NET
           This specifies the output format; the options have the same meaning
           as the -inform option.

       -in filename
           This specifies the input filename to read a certificate from, or
           standard input if this option is not specified.

       -out filename
           This specifies the output filename to write to, or standard output
           by default.

       -md2|-md5|-sha1|-mdc2
           the digest to use. This affects any signing or display option that
           uses a message digest, such as the -fingerprint, -signkey and -CA
           options. If not specified then SHA1 is used. If the key being used
           to sign with is a DSA key then this option has no effect: SHA1 is
           always used with DSA keys.

       -engine id
           specifying an engine (by its unique id string) will cause x509 to
           attempt to obtain a functional reference to the specified engine,
           thus initialising it if needed. The engine will then be set as the
           default for all available algorithms.

       DISPLAY OPTIONS

       Note: the -alias and -purpose options are also display options but are
       described in the TRUST SETTINGS section.

       -text
           prints out the certificate in text form. Full details are output
           including the public key, signature algorithms, issuer and subject
           names, serial number, any extensions present and any trust
           settings.

       -certopt option
           customise the output format used with -text. The option argument
           can be a single option or multiple options separated by commas. The
           -certopt switch may also be used more than once to set multiple
           options. See the TEXT OPTIONS section for more information.

       -noout
           this option prevents output of the encoded version of the
           certificate.

       -modulus
           this option prints out the value of the modulus of the public key
           contained in the certificate.

       -serial
           outputs the certificate serial number.

       -subject_hash
           outputs the "hash" of the certificate subject name. This is used in
           OpenSSL to form an index to allow certificates in a directory to be
           looked up by subject name.

       -issuer_hash
           outputs the "hash" of the certificate issuer name.

       -hash
           synonym for "-subject_hash" for backward compatibility reasons.

       -subject
           outputs the subject name.

       -issuer
           outputs the issuer name.

       -nameopt option
           option which determines how the subject or issuer names are
           displayed. The option argument can be a single option or multiple
           options separated by commas.  Alternatively the -nameopt switch may
           be used more than once to set multiple options. See the NAME
           OPTIONS section for more information.

       -email
           outputs the email address(es) if any.

       -startdate
           prints out the start date of the certificate, that is the notBefore
           date.

       -enddate
           prints out the expiry date of the certificate, that is the notAfter
           date.

       -dates
           prints out the start and expiry dates of a certificate.

       -fingerprint
           prints out the digest of the DER encoded version of the whole
           certificate (see digest options).

       -C  this outputs the certificate in the form of a C source file.

       TRUST SETTINGS

       Please note these options are currently experimental and may well
       change.

       A trusted certificate is an ordinary certificate which has several
       additional pieces of information attached to it such as the permitted
       and prohibited uses of the certificate and an "alias".

       Normally when a certificate is being verified at least one certificate
       must be "trusted". By default a trusted certificate must be stored
       locally and must be a root CA: any certificate chain ending in this CA
       is then usable for any purpose.

       Trust settings currently are only used with a root CA. They allow a
       finer control over the purposes the root CA can be used for. For
       example a CA may be trusted for SSL client but not SSL server use.

       See the description of the verify utility for more information on the
       meaning of trust settings.

       Future versions of OpenSSL will recognize trust settings on any
       certificate: not just root CAs.

       -trustout
           this causes x509 to output a trusted certificate. An ordinary or
           trusted certificate can be input but by default an ordinary
           certificate is output and any trust settings are discarded. With
           the -trustout option a trusted certificate is output. A trusted
           certificate is automatically output if any trust settings are
           modified.

       -setalias arg
           sets the alias of the certificate. This will allow the certificate
           to be referred to using a nickname for example "Steve's
           Certificate".

       -alias
           outputs the certificate alias, if any.

       -clrtrust
           clears all the permitted or trusted uses of the certificate.

       -clrreject
           clears all the prohibited or rejected uses of the certificate.

       -addtrust arg
           adds a trusted certificate use. Any object name can be used here
           but currently only clientAuth (SSL client use), serverAuth (SSL
           server use) and emailProtection (S/MIME email) are used.  Other
           OpenSSL applications may define additional uses.

       -addreject arg
           adds a prohibited use. It accepts the same values as the -addtrust
           option.

       -purpose
           this option performs tests on the certificate extensions and
           outputs the results. For a more complete description see the
           CERTIFICATE EXTENSIONS section.

       SIGNING OPTIONS

       The x509 utility can be used to sign certificates and requests: it can
       thus behave like a "mini CA".

       -signkey filename
           this option causes the input file to be self signed using the
           supplied private key.

           If the input file is a certificate it sets the issuer name to the
           subject name (i.e. makes it self signed), changes the public key to
           the supplied value and changes the start and end dates. The start
           date is set to the current time and the end date is set to a value
           determined by the -days option. Any certificate extensions are
           retained unless the -clrext option is supplied.

           If the input is a certificate request then a self signed
           certificate is created using the supplied private key using the
           subject name in the request.

       -clrext
           delete any extensions from a certificate. This option is used when
           a certificate is being created from another certificate (for
           example with the -signkey or the -CA options). Normally all
           extensions are retained.

       -keyform PEM|DER
           specifies the format (DER or PEM) of the private key file used in
           the -signkey option.

       -days arg
           specifies the number of days to make a certificate valid for. The
           default is 30 days.

       -x509toreq
           converts a certificate into a certificate request. The -signkey
           option is used to pass the required private key.

       -req
           by default a certificate is expected on input. With this option a
           certificate request is expected instead.

       -set_serial n
           specifies the serial number to use. This option can be used with
           either the -signkey or -CA options. If used in conjunction with the
           -CA option the serial number file (as specified by the -CAserial or
           -CAcreateserial options) is not used.

           The serial number can be decimal or hex (if preceded by 0x).
           Negative serial numbers can also be specified but their use is not
           recommended.

       -CA filename
           specifies the CA certificate to be used for signing. When this
           option is present x509 behaves like a "mini CA". The input file is
           signed by this CA using this option: that is its issuer name is set
           to the subject name of the CA and it is digitally signed using the
           CA's private key.

           This option is normally combined with the -req option. Without the
           -req option the input is a certificate which must be self signed.

       -CAkey filename
           sets the CA private key to sign a certificate with. If this option
           is not specified then it is assumed that the CA private key is
           present in the CA certificate file.

       -CAserial filename
           sets the CA serial number file to use.

           When the -CA option is used to sign a certificate it uses a serial
           number specified in a file. This file consists of one line
           containing an even number of hex digits with the serial number to
           use. After each use the serial number is incremented and written
           out to the file again.

           The default filename consists of the CA certificate file base name
           with ".srl" appended. For example if the CA certificate file is
           called "mycacert.pem" it expects to find a serial number file
           called "mycacert.srl".

       -CAcreateserial
           with this option the CA serial number file is created if it does
           not exist: it will contain the serial number "02" and the
           certificate being signed will have 1 as its serial number. Normally
           if the -CA option is specified and the serial number file does not
           exist it is an error.

       -extfile filename
           file containing certificate extensions to use. If not specified
           then no extensions are added to the certificate.

       -extensions section
           the section to add certificate extensions from. If this option is
           not specified then the extensions should either be contained in the
           unnamed (default) section or the default section should contain a
           variable called "extensions" which contains the section to use.

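The serial number file handling of -CAserial and -CAcreateserial, and the number syntax accepted by -set_serial, modelled in Python as an added example (this is not OpenSSL's own code). The function names and the text-in/text-out interface are this example's own; the behaviour follows the description above: the value found in the file is the serial of the certificate being signed, the file is rewritten with that value plus one as an even number of hex digits, and a missing file created by -CAcreateserial yields serial 1 and a file containing "02".

```python
# Added example: model of the x509 -CAserial / -CAcreateserial / -set_serial
# handling as documented in the man page; not OpenSSL's own code.
import os
import re

HEX_LINE = re.compile(r"^[0-9A-Fa-f]+$")


def default_serial_file(ca_cert_path):
    """'mycacert.pem' -> 'mycacert.srl': the CA certificate base name with .srl appended."""
    base, _ext = os.path.splitext(ca_cert_path)
    return base + ".srl"


def encode_serial(n):
    """File format from the page: a single line holding an even number of hex digits."""
    if n < 0:
        raise ValueError("the serial file cannot hold a negative serial number")
    digits = "%X" % n
    return ("0" + digits) if len(digits) % 2 else digits


def parse_serial_file(text):
    """Accept exactly one line of an even number of hex digits, reject anything else."""
    lines = text.strip().splitlines()
    if len(lines) != 1 or not HEX_LINE.match(lines[0]) or len(lines[0]) % 2:
        raise ValueError("serial file must be one line with an even number of hex digits")
    return int(lines[0], 16)


def advance_serial(file_text, create=False):
    """What -CA does with the serial file, as documented above.

    file_text is the current file content or None when the file is missing.
    The value in the file becomes the serial of the certificate being signed and
    the file is rewritten with that value plus one.  With create=True
    (-CAcreateserial) a missing file gives serial 1 and a new file holding "02".
    Returns (serial_for_certificate, new_file_text).
    """
    if file_text is None:
        if not create:
            raise FileNotFoundError("serial file missing; -CAcreateserial would create it")
        serial = 1
    else:
        serial = parse_serial_file(file_text)
    return serial, encode_serial(serial + 1) + "\n"


def next_serial(path, create=False):
    """File-backed wrapper: read the .srl file if present, advance it, return the serial."""
    text = None
    if os.path.exists(path):
        with open(path) as f:
            text = f.read()
    serial, new_text = advance_serial(text, create)
    with open(path, "w") as f:
        f.write(new_text)
    return serial


def parse_set_serial(arg):
    """-set_serial n: decimal, or hex when prefixed with 0x.  A leading '-' is
    accepted because the page allows negative serials (while advising against them)."""
    s = arg.strip()
    negative = s.startswith("-")
    if negative:
        s = s[1:]
    value = int(s[2:], 16) if s[:2].lower() == "0x" else int(s, 10)
    return -value if negative else value


if __name__ == "__main__":
    import tempfile
    srl = default_serial_file(os.path.join(tempfile.mkdtemp(), "mycacert.pem"))
    print(next_serial(srl, create=True), open(srl).read().strip())   # 1 02
    print(next_serial(srl), open(srl).read().strip())                # 2 03
```

Running the block creates a throw-away .srl file and advances it twice, which shows the documented "02" then "03" progression; advance_serial rejects a file with an odd number of digits or more than one line, which is the check to run before pointing -CAserial at a hand-edited file.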
       NAME OPTIONS

       The nameopt command line switch determines how the subject and issuer
       names are displayed. If no nameopt switch is present the default
       "oneline" format is used which is compatible with previous versions of
       OpenSSL.  Each option is described in detail below; all options can be
       preceded by a - to turn the option off. Only the first four will
       normally be used.

       compat
           use the old format. This is equivalent to specifying no name
           options at all.

       RFC2253
           displays names compatible with RFC2253, equivalent to esc_2253,
           esc_ctrl, esc_msb, utf8, dump_nostr, dump_unknown, dump_der,
           sep_comma_plus, dn_rev and sname.

       oneline
           a oneline format which is more readable than RFC2253. It is
           equivalent to specifying the esc_2253, esc_ctrl, esc_msb, utf8,
           dump_nostr, dump_der, use_quote, sep_comma_plus_space, spc_eq and
           sname options.

       multiline
           a multiline format. It is equivalent to esc_ctrl, esc_msb,
           sep_multiline, spc_eq, lname and align.

       esc_2253
           escape the "special" characters required by RFC2253 in a field.
           That is ,+"<>;. Additionally # is escaped at the beginning of a
           string and a space character at the beginning or end of a string.

       esc_ctrl
           escape control characters. That is those with ASCII values less
           than 0x20 (space) and the delete (0x7f) character. They are escaped
           using the RFC2253 \XX notation (where XX are two hex digits
           representing the character value).

       esc_msb
           escape characters with the MSB set, that is with ASCII values
           larger than 127.

       use_quote
           escapes some characters by surrounding the whole string with "
           characters; without the option all escaping is done with the \
           character.

       utf8
           convert all strings to UTF8 format first. This is required by
           RFC2253. If you are lucky enough to have a UTF8 compatible terminal
           then the use of this option (and not setting esc_msb) may result in
           the correct display of multibyte (international) characters. If
           this option is not present then multibyte characters larger than
           0xff will be represented using the format \UXXXX for 16 bits and
           \WXXXXXXXX for 32 bits.  Also if this option is off any UTF8Strings
           will be converted to their character form first.

       no_type
           this option does not attempt to interpret multibyte characters in
           any way. That is their content octets are merely dumped as though
           one octet represents each character. This is useful for diagnostic
           purposes but will result in rather odd looking output.

       show_type
           show the type of the ASN1 character string. The type precedes the
           field contents. For example "BMPSTRING: Hello World".

       dump_der
           when this option is set any fields that need to be hexdumped will
           be dumped using the DER encoding of the field. Otherwise just the
           content octets will be displayed. Both options use the RFC2253
           #XXXX... format.

       dump_nostr
           dump non character string types (for example OCTET STRING). If this
           option is not set then non character string types will be displayed
           as though each content octet represents a single character.

       dump_all
           dump all fields. This option when used with dump_der allows the DER
           encoding of the structure to be unambiguously determined.

       dump_unknown
           dump any field whose OID is not recognised by OpenSSL.

       sep_comma_plus, sep_comma_plus_space, sep_semi_plus_space,
       sep_multiline
           these options determine the field separators. The first character
           is between RDNs and the second between multiple AVAs (multiple AVAs
           are very rare and their use is discouraged). The options ending in
           "space" additionally place a space after the separator to make it
           more readable. The sep_multiline option uses a linefeed character
           for the RDN separator and a spaced + for the AVA separator. It also
           indents the fields by four characters.

       dn_rev
           reverse the fields of the DN. This is required by RFC2253. As a
           side effect this also reverses the order of multiple AVAs but this
           is permissible.

       nofname, sname, lname, oid
           these options alter how the field name is displayed. nofname does
           not display the field at all. sname uses the "short name" form (CN
           for commonName for example). lname uses the long form.  oid
           represents the OID in numerical form and is useful for diagnostic
           purposes.

       align
           align field values for a more readable output. Only usable with
           sep_multiline.

       spc_eq
           places spaces round the = character which follows the field name.

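A model of the nameopt rules above, written as an added Python example (not OpenSSL's own name-printing code): the RFC2253, oneline and multiline presets, the esc_* escaping rules, the separator, dn_rev, field-name and spc_eq options, and the "-" prefix used in the EXAMPLES section to switch esc_msb off, all applied to a constructed subject name. Three details are this example's own assumptions rather than statements from the page: the backslash is treated as an esc_2253 special so escaped output stays unambiguous, use_quote leaves only '"' and '\' backslash-escaped inside the quoted string, and align pads field names to the longest name in the DN. The old compat format is not modelled.

```python
# Added example: a model of the x509 -nameopt rules; not OpenSSL's own code.

PRESETS = {  # composite options as listed on the page (the old "compat" format is not modelled)
    "RFC2253":   {"esc_2253", "esc_ctrl", "esc_msb", "utf8", "dump_nostr", "dump_unknown",
                  "dump_der", "sep_comma_plus", "dn_rev", "sname"},
    "oneline":   {"esc_2253", "esc_ctrl", "esc_msb", "utf8", "dump_nostr", "dump_der",
                  "use_quote", "sep_comma_plus_space", "spc_eq", "sname"},
    "multiline": {"esc_ctrl", "esc_msb", "sep_multiline", "spc_eq", "lname", "align"},
}
SEPARATORS = {  # option -> (separator between RDNs, separator between AVAs of one RDN)
    "sep_comma_plus":       (",", "+"),
    "sep_comma_plus_space": (", ", "+ "),
    "sep_semi_plus_space":  ("; ", "+ "),
    "sep_multiline":        ("\n    ", " + "),   # newline plus the four-character indent
}
# RFC2253 specials from the page (,+"<>;); the backslash is added here (assumption) so
# that escaped output cannot be confused with an escape sequence.
SPECIAL_2253 = set(',+"<>;\\')


def parse_nameopt(spec):
    """Expand a -nameopt argument such as 'oneline,-esc_msb'; a leading '-' turns an option off."""
    opts = set()
    for tok in spec.split(","):
        tok = tok.strip()
        if tok.startswith("-"):
            opts -= PRESETS.get(tok[1:], {tok[1:]})
        elif tok:
            opts |= PRESETS.get(tok, {tok})
    return opts


def escape_value(value, opts):
    """Apply esc_ctrl, esc_msb (with or without utf8), esc_2253 and use_quote to one value."""
    out, needs_quote, last = [], False, len(value) - 1
    for i, ch in enumerate(value):
        code = ord(ch)
        if "esc_ctrl" in opts and (code < 0x20 or code == 0x7F):
            out.append("\\%02X" % code)
        elif code > 0x7F and "esc_msb" in opts:
            if "utf8" in opts:                       # convert to UTF-8 first, escape each byte
                out.append("".join("\\%02X" % b for b in ch.encode("utf-8")))
            elif code <= 0xFF:
                out.append("\\%02X" % code)
            elif code <= 0xFFFF:                     # \UXXXX for 16-bit characters
                out.append("\\U%04X" % code)
            else:                                    # \WXXXXXXXX for 32-bit characters
                out.append("\\W%08X" % code)
        elif "esc_2253" in opts and (ch in SPECIAL_2253 or (ch == "#" and i == 0)
                                      or (ch == " " and i in (0, last))):
            if "use_quote" in opts and ch not in '"\\':
                needs_quote = True                   # quoting the whole string replaces the backslash
                out.append(ch)
            else:
                out.append("\\" + ch)                # assumption: '"' and '\' are always backslashed
        else:
            out.append(ch)
    text = "".join(out)
    return '"%s"' % text if needs_quote else text


def field_name(ava, opts):
    """nofname / sname / lname / oid selection; sname is the default."""
    short, long_name, oid, _value = ava
    if "nofname" in opts:
        return None
    if "lname" in opts:
        return long_name
    if "oid" in opts:
        return oid
    return short


def format_name(rdns, opts):
    """Render a DN given as a list of RDNs, each a list of (short, long, oid, value) AVAs."""
    rdn_sep, ava_sep = SEPARATORS["sep_comma_plus"]
    for key, seps in SEPARATORS.items():
        if key in opts:
            rdn_sep, ava_sep = seps
    eq = " = " if "spc_eq" in opts else "="
    if "dn_rev" in opts:                             # reverses RDNs and, as a side effect, AVAs
        rdns = [list(reversed(rdn)) for rdn in reversed(rdns)]
    width = 0
    if "align" in opts and "sep_multiline" in opts:  # assumption: pad to the longest field name
        width = max(len(field_name(a, opts) or "") for rdn in rdns for a in rdn)
    lines = []
    for rdn in rdns:
        avas = []
        for ava in rdn:
            name, val = field_name(ava, opts), escape_value(ava[3], opts)
            avas.append(val if name is None else name.ljust(width) + eq + val)
        lines.append(ava_sep.join(avas))
    text = rdn_sep.join(lines)
    return "    " + text if "sep_multiline" in opts else text


SUBJECT = [  # constructed sample name, most significant RDN first
    [("C", "countryName", "2.5.4.6", "US")],
    [("O", "organizationName", "2.5.4.10", "Example, Inc.")],
    [("OU", "organizationalUnitName", "2.5.4.11", "R&D\x7fLab")],
    [("CN", "commonName", "2.5.4.3", "Steve's Certificate")],
]

if __name__ == "__main__":
    for spec in ("RFC2253", "oneline", "multiline", "oneline,-esc_msb"):
        print("%s:\n%s\n" % (spec, format_name(SUBJECT, parse_nameopt(spec))))
```

The sample deliberately contains a comma (escaped by RFC2253, quoted by oneline, left alone by multiline) and a DEL character, which every preset turns into the \7F form; feeding "Zürich" through escape_value with and without esc_msb reproduces the terminal-dependent behaviour the utf8 option describes.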
       TEXT OPTIONS

       As well as customising the name output format, it is also possible to
       customise the actual fields printed using the certopt options when the
       text option is present. The default behaviour is to print all fields.

       compatible
           use the old format. This is equivalent to specifying no output
           options at all.

       no_header
           don't print header information: that is the lines saying
           "Certificate" and "Data".

       no_version
           don't print out the version number.

       no_serial
           don't print out the serial number.

       no_signame
           don't print out the signature algorithm used.

       no_validity
           don't print the validity, that is the notBefore and notAfter
           fields.

       no_subject
           don't print out the subject name.

       no_issuer
           don't print out the issuer name.

       no_pubkey
           don't print out the public key.

       no_sigdump
           don't give a hexadecimal dump of the certificate signature.

       no_aux
           don't print out certificate trust information.

       no_extensions
           don't print out any X509V3 extensions.

       ext_default
           retain default extension behaviour: attempt to print out
           unsupported certificate extensions.

       ext_error
           print an error message for unsupported certificate extensions.

       ext_parse
           ASN1 parse unsupported extensions.

       ext_dump
           hex dump unsupported extensions.

       ca_default
           the value used by the ca utility, equivalent to no_issuer,
           no_pubkey, no_header, no_version, no_sigdump and no_signame.


EXAMPLES

       Note: in these examples the '\' means the example should be all on one
       line.

       Display the contents of a certificate:

        openssl x509 -in cert.pem -noout -text

       Display the certificate serial number:

        openssl x509 -in cert.pem -noout -serial

       Display the certificate subject name:

        openssl x509 -in cert.pem -noout -subject

       Display the certificate subject name in RFC2253 form:

        openssl x509 -in cert.pem -noout -subject -nameopt RFC2253

       Display the certificate subject name in oneline form on a terminal
       supporting UTF8:

        openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb

       Display the certificate MD5 fingerprint:

        openssl x509 -md5 -in cert.pem -noout -fingerprint

       Display the certificate SHA1 fingerprint:

        openssl x509 -sha1 -in cert.pem -noout -fingerprint

       Convert a certificate from PEM to DER format:

        openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER

       Convert a certificate to a certificate request:

        openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem

       Convert a certificate request into a self signed certificate using
       extensions for a CA:

        openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \
               -signkey key.pem -out cacert.pem

       Sign a certificate request using the CA certificate above and add user
       certificate extensions:

        openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \
               -CA cacert.pem -CAkey key.pem -CAcreateserial

       Set a certificate to be trusted for SSL client use and set its alias to
       "Steve's Class 1 CA":

        openssl x509 -in cert.pem -addtrust clientAuth \
               -setalias "Steve's Class 1 CA" -out trust.pem


NOTES

       The PEM format uses the header and footer lines:

        -----BEGIN CERTIFICATE-----
        -----END CERTIFICATE-----

       it will also handle files containing:

        -----BEGIN X509 CERTIFICATE-----
        -----END X509 CERTIFICATE-----

       Trusted certificates have the lines

        -----BEGIN TRUSTED CERTIFICATE-----
        -----END TRUSTED CERTIFICATE-----

       The conversion to UTF8 format used with the name options assumes that
       T61Strings use the ISO8859-1 character set. This is wrong but Netscape
       and MSIE do this as do many certificates. So although this is incorrect
       it is more likely to display the majority of certificates correctly.

       The -fingerprint option takes the digest of the DER encoded
       certificate.  This is commonly called a "fingerprint". Because of the
       nature of message digests the fingerprint of a certificate is unique to
       that certificate and two certificates with the same fingerprint can be
       considered to be the same.

       The Netscape fingerprint uses MD5 whereas MSIE uses SHA1.

       The -email option searches the subject name and the subject alternative
       name extension. Only unique email addresses will be printed out: it
       will not print the same address more than once.

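The three PEM framings listed above and the definition of a fingerprint as the digest of the DER encoding, as an added Python example (not OpenSSL's own PEM or digest code): pem_to_der accepts all three header/footer pairs, fingerprint formats a digest the way -fingerprint prints it, and certificate_fingerprint takes into account that a TRUSTED CERTIFICATE block holds the certificate's DER followed by the attached trust settings, so only the first DER element is hashed. The function names, the single-byte-tag DER length parser and the sample bytes are this example's own constructions, not taken from the page.

```python
# Added example: PEM framing and fingerprint computation as described in the
# x509 man page NOTES; not OpenSSL's own code.
import base64
import hashlib
import re

PEM_LABELS = ("CERTIFICATE", "X509 CERTIFICATE", "TRUSTED CERTIFICATE")


def pem_to_der(text):
    """Return (label, der_bytes) for the first certificate block found in text.

    All three header/footer variants x509 handles are accepted; the label tells the
    caller whether trust settings (TRUSTED CERTIFICATE) are attached to the DER.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        m = re.match(r"^-----BEGIN (.+)-----$", line)
        if not m or m.group(1) not in PEM_LABELS:
            continue
        label = m.group(1)
        footer = "-----END %s-----" % label
        try:
            j = lines.index(footer, i + 1)
        except ValueError:
            raise ValueError("missing footer line %s" % footer)
        body = "".join(lines[i + 1:j])
        return label, base64.b64decode(body, validate=True)
    raise ValueError("no certificate block found")


def der_to_pem(der, label="CERTIFICATE"):
    """Inverse of pem_to_der: base64 in 64-character lines between header and footer."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[k:k + 64] for k in range(0, len(b64), 64))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)


def first_der_element(data):
    """Slice the first DER tag-length-value out of data.

    A TRUSTED CERTIFICATE block is the certificate's own DER followed by the trust
    settings, so the certificate is the first element.  Single-byte tags and
    lengths of up to four bytes are enough for that use (assumption of this model).
    """
    if len(data) < 2:
        raise ValueError("truncated DER")
    pos = 1                                   # skip the tag byte
    first = data[pos]
    pos += 1
    if first < 0x80:
        length = first                        # short-form length
    else:
        n = first & 0x7F                      # long form: n length bytes follow
        if n == 0 or n > 4 or pos + n > len(data):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(data):
        raise ValueError("truncated DER")
    return data[:end]


def fingerprint(der, digest="sha1"):
    """-fingerprint style output: digest of the DER bytes as upper-case hex octets joined by ':'."""
    h = hashlib.new(digest, der).hexdigest().upper()
    return ":".join(h[k:k + 2] for k in range(0, len(h), 2))


def certificate_fingerprint(pem_text, digest="sha1"):
    """Fingerprint of the certificate itself, even when trust settings are attached."""
    label, der = pem_to_der(pem_text)
    if label == "TRUSTED CERTIFICATE":
        der = first_der_element(der)          # drop the trailing trust settings
    return fingerprint(der, digest)


if __name__ == "__main__":
    # Constructed DER: SEQUENCE { INTEGER 5 } standing in for a certificate,
    # followed by an empty SEQUENCE standing in for attached trust settings.
    cert_der, aux_der = b"\x30\x03\x02\x01\x05", b"\x30\x00"
    print(fingerprint(cert_der))
    print(certificate_fingerprint(der_to_pem(cert_der + aux_der, "TRUSTED CERTIFICATE")))
```

The two printed fingerprints are identical: hashing the whole TRUSTED CERTIFICATE block instead would give a value that matches nothing a peer computes from the bare certificate, which is a common source of "fingerprint mismatch" confusion when a file produced with -trustout is compared against one produced without it.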

CERTIFICATE EXTENSIONS

       The -purpose option checks the certificate extensions and determines
       what the certificate can be used for. The actual checks done are rather
       complex and include various hacks and workarounds to handle broken
       certificates and software.

       The same code is used when verifying untrusted certificates in chains
       so this section is useful if a chain is rejected by the verify code.

       The basicConstraints extension CA flag is used to determine whether the
       certificate can be used as a CA. If the CA flag is true then it is a
       CA, if the CA flag is false then it is not a CA. All CAs should have
       the CA flag set to true.

       If the basicConstraints extension is absent then the certificate is
       considered to be a "possible CA" and other extensions are checked
       according to the intended use of the certificate. A warning is given in
       this case because the certificate should really not be regarded as a
       CA: however it is allowed to be a CA to work around some broken
       software.

       If the certificate is a V1 certificate (and thus has no extensions) and
       it is self signed it is also assumed to be a CA but a warning is again
       given: this is to work around the problem of Verisign roots which are
       V1 self signed certificates.

       If the keyUsage extension is present then additional restraints are
       made on the uses of the certificate. A CA certificate must have the
       keyCertSign bit set if the keyUsage extension is present.

       The extended key usage extension places additional restrictions on the
       certificate uses. If this extension is present (whether critical or
       not) the key can only be used for the purposes specified.

       A complete description of each test is given below. The comments about
       basicConstraints and keyUsage and V1 certificates above apply to all CA
       certificates.

       SSL Client
           The extended key usage extension must be absent or include the "web
           client authentication" OID.  keyUsage must be absent or it must
           have the digitalSignature bit set. Netscape certificate type must
           be absent or it must have the SSL client bit set.

       SSL Client CA
           The extended key usage extension must be absent or include the "web
           client authentication" OID. Netscape certificate type must be
           absent or it must have the SSL CA bit set: this is used as a work
           around if the basicConstraints extension is absent.

       SSL Server
           The extended key usage extension must be absent or include the "web
           server authentication" and/or one of the SGC OIDs.  keyUsage must
           be absent or it must have the digitalSignature bit, the
           keyEncipherment bit or both bits set.  Netscape certificate type
           must be absent or have the SSL server bit set.

       SSL Server CA
           The extended key usage extension must be absent or include the "web
           server authentication" and/or one of the SGC OIDs.  Netscape
           certificate type must be absent or the SSL CA bit must be set: this
           is used as a work around if the basicConstraints extension is
           absent.

       Netscape SSL Server
           For Netscape SSL clients to connect to an SSL server it must have
           the keyEncipherment bit set if the keyUsage extension is present.
           This isn't always valid because some cipher suites use the key for
           digital signing.  Otherwise it is the same as a normal SSL server.

       Common S/MIME Client Tests
           The extended key usage extension must be absent or include the
           "email protection" OID. Netscape certificate type must be absent or
           should have the S/MIME bit set. If the S/MIME bit is not set in
           netscape certificate type then the SSL client bit is tolerated as
           an alternative but a warning is shown: this is because some
           Verisign certificates don't set the S/MIME bit.

       S/MIME Signing
           In addition to the common S/MIME client tests the digitalSignature
           bit must be set if the keyUsage extension is present.

       S/MIME Encryption
           In addition to the common S/MIME tests the keyEncipherment bit must
           be set if the keyUsage extension is present.

       S/MIME CA
           The extended key usage extension must be absent or include the
           "email protection" OID. Netscape certificate type must be absent or
           must have the S/MIME CA bit set: this is used as a work around if
           the basicConstraints extension is absent.

       CRL Signing
           The keyUsage extension must be absent or it must have the CRL
           signing bit set.

       CRL Signing CA
           The normal CA tests apply. Except in this case the basicConstraints
           extension must be present.

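The -purpose tests above, carried through as an added Python model (not OpenSSL's own purpose-checking code) over a dict representation of a certificate's extensions, with the CA rules (basicConstraints flag, "possible CA" warning when it is absent, V1 self signed roots, keyCertSign when keyUsage is present) factored out and applied to every "... CA" variant. The EKU names (clientAuth, serverAuth, emailProtection are the names the -addtrust option uses; msSGC and nsSGC stand for the SGC OIDs), the keyUsage bit names, the Netscape certificate type bit labels (client, server, email, sslCA, emailCA), and the reading of a Netscape CA bit as a stand-in for a missing basicConstraints are this example's assumptions; the sample certificates are constructed.

```python
# Added example: a model of the x509 -purpose tests; not OpenSSL's own code.
# A certificate is a dict; an extension whose value is None (or missing) is absent.

SGC_OIDS = {"msSGC", "nsSGC"}   # the "SGC OIDs" the page refers to (labels assumed here)

# purpose -> (EKU names that satisfy it, keyUsage bits of which at least one must be
#             set, Netscape cert type bit for the end entity, Netscape CA bit for its CA)
RULES = {
    "sslclient":    ({"clientAuth"},            {"digitalSignature"},                    "client", "sslCA"),
    "sslserver":    ({"serverAuth"} | SGC_OIDS, {"digitalSignature", "keyEncipherment"}, "server", "sslCA"),
    "nssslserver":  ({"serverAuth"} | SGC_OIDS, {"keyEncipherment"},                     "server", "sslCA"),
    "smimesign":    ({"emailProtection"},       {"digitalSignature"},                    "email",  "emailCA"),
    "smimeencrypt": ({"emailProtection"},       {"keyEncipherment"},                     "email",  "emailCA"),
    "crlsign":      (None,                      {"cRLSign"},                             None,     None),
}


def check_ca(cert, ns_ca_bit=None, need_bc=False):
    """The CA rules from the page; returns (is_ca, warnings)."""
    warnings = []
    bc = cert.get("basic_constraints")
    ns = cert.get("ns_cert_type")
    if bc is not None:
        if not bc.get("ca"):
            return False, warnings            # CA flag false: not a CA
    elif need_bc:
        return False, warnings                # CRL signing CA: basicConstraints must be present
    elif ns is not None and ns_ca_bit and ns_ca_bit in ns:
        pass                                  # assumption: Netscape CA bit stands in for missing bC
    elif cert.get("version") == 1 and cert.get("self_signed"):
        warnings.append("V1 self signed certificate assumed to be a CA")
    else:
        warnings.append("basicConstraints absent: treated as a possible CA")
    ku = cert.get("key_usage")
    if ku is not None and "keyCertSign" not in ku:
        return False, warnings                # keyUsage present: a CA must have keyCertSign
    if ns_ca_bit and ns is not None and ns_ca_bit not in ns:
        return False, warnings
    return True, warnings


def check_purpose(cert, purpose, ca=False):
    """Run one -purpose test; ca=True selects the '... CA' variant. Returns (ok, warnings)."""
    ekus, ku_bits, ns_bit, ns_ca_bit = RULES[purpose]
    warnings = []
    eku = cert.get("ext_key_usage")
    if ekus is not None and eku is not None and not (eku & ekus):
        return False, warnings                # EKU present (critical or not): only listed uses
    if ca:
        return check_ca(cert, ns_ca_bit, need_bc=(purpose == "crlsign"))
    ku = cert.get("key_usage")
    if ku is not None and not (ku & ku_bits):
        return False, warnings
    ns = cert.get("ns_cert_type")
    if ns_bit and ns is not None and ns_bit not in ns:
        if purpose.startswith("smime") and "client" in ns:
            warnings.append("S/MIME bit not set in Netscape cert type; SSL client bit tolerated")
        else:
            return False, warnings
    return True, warnings


def purpose_report(cert):
    """Rows in the spirit of the -purpose listing: (label, 'Yes'/'No' plus any warning)."""
    rows = []
    for purpose in RULES:
        for ca in (False, True):
            ok, warns = check_purpose(cert, purpose, ca)
            verdict = "Yes" if ok else "No"
            if ok and warns:
                verdict += " (WARNING: " + "; ".join(warns) + ")"
            rows.append((purpose + (" CA" if ca else ""), verdict))
    return rows


# Constructed sample certificates.
LEAF = {"version": 3, "self_signed": False, "basic_constraints": {"ca": False},
        "key_usage": {"digitalSignature", "keyEncipherment"},
        "ext_key_usage": {"serverAuth", "clientAuth"}, "ns_cert_type": None}
V1_ROOT = {"version": 1, "self_signed": True}          # no extensions at all
LEGACY_CA = {"version": 3, "self_signed": True, "basic_constraints": None,
             "key_usage": {"keyCertSign", "cRLSign"}, "ext_key_usage": None, "ns_cert_type": None}
NS_CA = {"version": 3, "self_signed": True, "basic_constraints": None, "key_usage": None,
         "ext_key_usage": None, "ns_cert_type": {"sslCA"}}
SMIME_LEGACY = {"version": 3, "self_signed": False, "basic_constraints": {"ca": False},
                "key_usage": {"digitalSignature"}, "ext_key_usage": None, "ns_cert_type": {"client"}}

if __name__ == "__main__":
    for name, cert in (("LEAF", LEAF), ("V1_ROOT", V1_ROOT), ("LEGACY_CA", LEGACY_CA)):
        print(name)
        for label, verdict in purpose_report(cert):
            print("  %-16s: %s" % (label, verdict))
```

Reading the report for LEGACY_CA shows why a chain can verify with a warning rather than fail outright: a self signed V3 certificate without basicConstraints is still accepted as a possible CA, so a defender reviewing a trust store should treat that warning as a signal to re-issue the root with the CA flag set.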

BU GS

       Extensions in certificates are not transferred to certificate requests
       and vice versa.

       It is possible to produce invalid certificates or requests by
       specifying the wrong private key or using inconsistent options in some
       cases: these should be checked.

       There should be options to explicitly set such things as start and end
       dates rather than an offset from the current time.

       The code to implement the verify behaviour described in the TRUST
       SETTINGS section is currently being developed. It thus describes the
       intended behaviour rather than the current behaviour. It is hoped that
       it will represent reality in OpenSSL 0.9.5 and later.


SEE ALSO

       req(1), ca(1), genrsa(1), gendsa(1), verify(1)

HISTORY

       Before OpenSSL 0.9.8, the default digest for RSA keys was MD5.



0.9.8b                            2005-04-03                           X509(1)