descertĮncrypt the certificate using triple DES, this may render the PKCS#12 file unreadable by some "export grade" software. If the search fails it is considered a fatal error. The standard CA store is used for this search. If this option is present then an attempt is made to include the entire certificate chain of the user certificate. For more information about the format of arg see "Pass Phrase Options" in openssl(1). Pass phrase source to decrypt any input private keys with. Netscape ignores friendly names on other certificates whereas MSIE displays them. This option may be used multiple times to specify names for all certificates in the order they appear. This specifies the "friendly name" for other certificates. certfile filenameĪ filename to read additional certificates from. This name is typically displayed in list boxes by software importing the file. This specifies the "friendly name" for the certificate and private key. If no engine is used, the argument is taken as a file if an engine is specified, the argument is given to the engine as a key identifier. If not present then a private key must be present in the input file. inkey file_or_idįile to read private key from. If additional certificates are present they will also be included in the PKCS#12 file. The order doesn't matter but one private key and its corresponding certificate should be present. The filename to read certificates and private keys from, standard input by default. This specifies filename to write the PKCS#12 file to. This option specifies that a PKCS#12 file will be created rather than parsed. Cannot be used in combination with the options -password, -passin (if importing) or -passout (if exporting). Prompt for separate integrity and encryption passwords: most software always assumes these are the same so this option will render such PKCS#12 files unreadable. nomacverĭon't attempt to verify the integrity MAC before reading the file. nodesĭon't encrypt the private keys at all. Use Camellia to encrypt private keys before outputting. Use ARIA to encrypt private keys before outputting. Use AES to encrypt private keys before outputting. Use IDEA to encrypt private keys before outputting. Use triple DES to encrypt private keys before outputting, this is the default. Use DES to encrypt private keys before outputting. Output additional information about the PKCS#12 file structure, algorithms used and iteration counts. Only output CA certificates (not client certificates). Only output client certificates (not CA certificates). This option inhibits output of the keys and certificates to the output file version of the PKCS#12 file. Otherwise, -password is equivalent to -passin. With -export, -password is equivalent to -passout. Pass phrase source to encrypt any outputted private keys with. The filename to write certificates and private keys to, standard output by default. This specifies filename of the PKCS#12 file to be parsed. A PKCS#12 file can be created by using the -export option (see below). There are a lot of options the meaning of some depends of whether a PKCS#12 file is being created or parsed. PKCS#12 files are used by several programs including Netscape, MSIE and MS Outlook. The pkcs12 command allows PKCS#12 files (sometimes referred to as PFX files) to be created and parsed. Openssl-pkcs12, pkcs12 - PKCS#12 file utility SYNOPSIS
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |