5 openssl - OpenSSL command line program
16 B<-standard-commands> |
19 B<-cipher-algorithms> |
20 B<-digest-algorithms> |
22 B<-public-key-algorithms>
24 B<openssl> B<no->I<XXX> [ I<options> ]
28 OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
29 v2/v3) and Transport Layer Security (TLS v1) network protocols and related
30 cryptography standards required by them.
32 The B<openssl> program is a command line program for using the various
33 cryptography functions of OpenSSL's B<crypto> library from the shell.
36 o Creation and management of private keys, public keys and parameters
37 o Public key cryptographic operations
38 o Creation of X.509 certificates, CSRs and CRLs
39 o Calculation of Message Digests and Message Authentication Codes
40 o Encryption and Decryption with Ciphers
41 o SSL/TLS Client and Server Tests
42 o Handling of S/MIME signed or encrypted mail
43 o Timestamp requests, generation and verification
45 =head1 COMMAND SUMMARY
47 The B<openssl> program provides a rich variety of commands (I<command> in
48 the L</SYNOPSIS> above).
49 Each command can have many options and argument parameters, shown above as
50 I<options> and I<parameters>.
52 Detailed documentation and use cases for most standard subcommands are available
53 (e.g., L<openssl-x509(1)>).
55 The list options B<-standard-commands>, B<-digest-commands>,
56 and B<-cipher-commands> output a list (one entry per line) of the names
57 of all standard commands, message digest commands, or cipher commands,
58 respectively, that are available.
60 The list parameters B<-cipher-algorithms>, B<-digest-algorithms>,
61 and B<-mac-algorithms> list all cipher, message digest, and message
62 authentication code names, one entry per line. Aliases are listed as:
66 The list parameter B<-public-key-algorithms> lists all supported public
69 The command B<no->I<XXX> tests whether a command of the
70 specified name is available. If no command named I<XXX> exists, it
71 returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1
72 and prints I<XXX>. In both cases, the output goes to B<stdout> and
73 nothing is printed to B<stderr>. Additional command line arguments
74 are always ignored. Since for each cipher there is a command of the
75 same name, this provides an easy way for shell scripts to test for the
76 availability of ciphers in the B<openssl> program. (B<no->I<XXX> is
77 not able to detect pseudo-commands such as B<quit>,
78 B<list>, or B<no->I<XXX> itself.)
80 =head2 Configuration Option
82 Many commands use an external configuration file for some or all of their
83 arguments and have a B<-config> option to specify that file.
84 The default name of the file is F<openssl.cnf> in the default certificate
85 storage area, which can be determined from the L<openssl-version(1)>
86 command. This can be used to load modules.
87 The environment variable B<OPENSSL_CONF> can be used to specify
88 a different location of the file.
89 See L<openssl-env(7)>.
91 =head2 Standard Commands
97 Parse an ASN.1 sequence.
101 Certificate Authority (CA) Management.
105 Cipher Suite Description Determination.
109 CMS (Cryptographic Message Syntax) command.
113 Certificate Revocation List (CRL) Management.
117 CRL to PKCS#7 Conversion.
121 Message Digest calculation. MAC calculations are superseded by
126 Generation and Management of Diffie-Hellman Parameters. Superseded by
127 L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>.
135 DSA Parameter Generation and Management. Superseded by
136 L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>.
140 EC (Elliptic curve) key processing.
144 EC parameter manipulation and generation.
148 Encryption, decryption, and encoding.
152 Engine (loadable module) information and manipulation.
156 Error Number to Error String Conversion.
160 FIPS configuration installation.
164 Generation of DSA Private Key from Parameters. Superseded by
165 L<openssl-genpkey(1)> and L<openssl-pkey(1)>.
169 Generation of Private Key or Parameters.
173 Generation of RSA Private Key. Superseded by L<openssl-genpkey(1)>.
177 Display information about a command's options.
181 Display diverse information built into the OpenSSL libraries.
185 Key Derivation Functions.
189 List algorithms and features.
193 Message Authentication Code Calculation.
197 Create or examine a Netscape certificate sequence.
201 Online Certificate Status Protocol command.
205 Generation of hashed passwords.
209 PKCS#12 Data Management.
213 PKCS#7 Data Management.
217 PKCS#8 format private key conversion command.
221 Public and private key management.
225 Public key algorithm parameter management.
229 Public key algorithm cryptographic operation command.
233 Compute prime numbers.
237 Load and query providers.
241 Generate pseudo-random bytes.
245 Create symbolic links to certificate and CRL files named by the hash values.
249 PKCS#10 X.509 Certificate Signing Request (CSR) Management.
257 RSA command for signing, verification, encryption, and decryption. Superseded
258 by L<openssl-pkeyutl(1)>.
262 This implements a generic SSL/TLS client which can establish a transparent
263 connection to a remote server speaking SSL/TLS. It's intended for testing
264 purposes only and provides only rudimentary interface functionality but
265 internally uses mostly all functionality of the OpenSSL B<ssl> library.
269 This implements a generic SSL/TLS server which accepts connections from remote
270 clients speaking SSL/TLS. It's intended for testing purposes only and provides
271 only rudimentary interface functionality but internally uses mostly all
272 functionality of the OpenSSL B<ssl> library. It provides both an own command
273 line oriented protocol for testing SSL functions and a simple HTTP response
274 facility to emulate an SSL/TLS-aware webserver.
278 SSL Connection Timer.
282 SSL Session Data Management.
286 S/MIME mail processing.
290 Algorithm Speed Measurement.
294 SPKAC printing and generating command.
298 Maintain SRP password file.
302 Command to list and display certificates, keys, CRLs, etc.
306 Time Stamping Authority command.
310 X.509 Certificate Verification.
314 OpenSSL Version Information.
318 X.509 Certificate Data Management.
322 =head2 Message Digest Commands
392 SHA-3 SHAKE128 Digest
396 SHA-3 SHAKE256 Digest
404 =head2 Encryption, Decryption, and Encoding Commands
406 The following aliases provide convenient access to the most used encodings
409 Depending on how OpenSSL was configured and built, not all ciphers listed
410 here may be present. See L<openssl-enc(1)> for more information.
414 =item B<aes128>, B<aes-128-cbc>, B<aes-128-cfb>, B<aes-128-ctr>, B<aes-128-ecb>, B<aes-128-ofb>
418 =item B<aes192>, B<aes-192-cbc>, B<aes-192-cfb>, B<aes-192-ctr>, B<aes-192-ecb>, B<aes-192-ofb>
422 =item B<aes256>, B<aes-256-cbc>, B<aes-256-cfb>, B<aes-256-ctr>, B<aes-256-ecb>, B<aes-256-ofb>
426 =item B<aria128>, B<aria-128-cbc>, B<aria-128-cfb>, B<aria-128-ctr>, B<aria-128-ecb>, B<aria-128-ofb>
430 =item B<aria192>, B<aria-192-cbc>, B<aria-192-cfb>, B<aria-192-ctr>, B<aria-192-ecb>, B<aria-192-ofb>
434 =item B<aria256>, B<aria-256-cbc>, B<aria-256-cfb>, B<aria-256-ctr>, B<aria-256-ecb>, B<aria-256-ofb>
442 =item B<bf>, B<bf-cbc>, B<bf-cfb>, B<bf-ecb>, B<bf-ofb>
446 =item B<camellia128>, B<camellia-128-cbc>, B<camellia-128-cfb>, B<camellia-128-ctr>, B<camellia-128-ecb>, B<camellia-128-ofb>
450 =item B<camellia192>, B<camellia-192-cbc>, B<camellia-192-cfb>, B<camellia-192-ctr>, B<camellia-192-ecb>, B<camellia-192-ofb>
454 =item B<camellia256>, B<camellia-256-cbc>, B<camellia-256-cfb>, B<camellia-256-ctr>, B<camellia-256-ecb>, B<camellia-256-ofb>
458 =item B<cast>, B<cast-cbc>
462 =item B<cast5-cbc>, B<cast5-cfb>, B<cast5-ecb>, B<cast5-ofb>
470 =item B<des>, B<des-cbc>, B<des-cfb>, B<des-ecb>, B<des-ede>, B<des-ede-cbc>, B<des-ede-cfb>, B<des-ede-ofb>, B<des-ofb>
474 =item B<des3>, B<desx>, B<des-ede3>, B<des-ede3-cbc>, B<des-ede3-cfb>, B<des-ede3-ofb>
478 =item B<idea>, B<idea-cbc>, B<idea-cfb>, B<idea-ecb>, B<idea-ofb>
482 =item B<rc2>, B<rc2-cbc>, B<rc2-cfb>, B<rc2-ecb>, B<rc2-ofb>
490 =item B<rc5>, B<rc5-cbc>, B<rc5-cfb>, B<rc5-ecb>, B<rc5-ofb>
494 =item B<seed>, B<seed-cbc>, B<seed-cfb>, B<seed-ecb>, B<seed-ofb>
498 =item B<sm4>, B<sm4-cbc>, B<sm4-cfb>, B<sm4-ctr>, B<sm4-ecb>, B<sm4-ofb>
506 Details of which options are available depend on the specific command.
507 This section describes some common options with common behavior.
509 =head2 Common Options
515 Provides a terse summary of all options.
516 If an option takes an argument, the "type" of argument is also given.
520 This terminates the list of options. It is mostly useful if any filename
521 parameters start with a minus sign:
523 openssl verify [flags...] -- -cert1.pem...
527 =head2 Format Options
529 Several OpenSSL commands can take input or generate output in a variety
531 Since OpenSSL 3.0 keys, single certificates, and CRLs can be read from
532 files in any of the B<DER>, B<PEM>, or B<P12> formats,
533 while specifying their input format is no more needed.
535 The list of acceptable formats, and the default, is
536 described in each command documentation. The list of formats is
537 described below. Both uppercase and lowercase are accepted.
543 A binary format, encoded or parsed according to Distinguished Encoding Rules
544 (DER) of the ASN.1 data language.
548 Used to specify that the cryptographic material is in an OpenSSL B<engine>.
549 An engine must be configured or specified using the B<-engine> option.
550 In addition, the B<-input> flag can be used to name a specific object in
552 A password, such as the B<-passin> flag often must be specified as well.
556 A DER-encoded file containing a PKCS#12 object.
557 It might be necessary to provide a decryption password to retrieve
562 A text format defined in IETF RFC 1421 and IETF RFC 7468. Briefly, this is
563 a block of base-64 encoding (defined in IETF RFC 4648), with specific
564 lines used to mark the start and end:
566 Text before the BEGIN line is ignored.
567 ----- BEGIN object-type -----
568 OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
569 xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
570 UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
571 ----- END object-type -----
572 Text after the END line is also ignored
574 The I<object-type> must match the type of object that is expected.
575 For example a C<BEGIN X509 CERTIFICATE> will not match if the command
576 is trying to read a private key. The types supported include:
588 ENCRYPTED PRIVATE KEY
595 SSL SESSION PARAMETERS
600 The following legacy I<object-type>'s are also supported for compatibility
601 with earlier releases:
604 NEW CERTIFICATE REQUEST
610 An S/MIME object as described in IETF RFC 8551.
611 Earlier versions were known as CMS and are compatible.
612 Note that the parsing is simple and might fail to parse some legal data.
616 The options to specify the format are as follows. Refer to the individual
617 man page to see which options are accepted.
621 =item B<-inform> I<format>, B<-outform> I<format>
623 The format of the input or output streams.
625 =item B<-keyform> I<format>
627 Format of a private key input source.
628 The only value with effect is B<ENGINE>; all others have become obsolete.
629 See L<openssl(1)/Format Options> for details.
631 =item B<-CRLform> I<format>
633 Format of a CRL input source.
637 =head2 Pass Phrase Options
639 Several commands accept password arguments, typically using B<-passin>
640 and B<-passout> for input and output passwords respectively. These allow
641 the password to be obtained from a variety of sources. Both of these
642 options take a single argument whose format is described below. If no
643 password argument is given and a password is required then the user is
644 prompted to enter one: this will typically be read from the current
645 terminal with echoing turned off.
647 Note that character encoding may be relevant, please see
648 L<passphrase-encoding(7)>.
652 =item B<pass:>I<password>
654 The actual password is I<password>. Since the password is visible
655 to utilities (like 'ps' under Unix) this form should only be used
656 where security is not important.
660 Obtain the password from the environment variable I<var>. Since
661 the environment of other processes is visible on certain platforms
662 (e.g. ps under certain Unix OSes) this option should be used with caution.
664 =item B<file:>I<pathname>
666 The first line of I<pathname> is the password. If the same I<pathname>
667 argument is supplied to B<-passin> and B<-passout> arguments then the first
668 line will be used for the input password and the next line for the output
669 password. I<pathname> need not refer to a regular file: it could for example
670 refer to a device or named pipe.
672 =item B<fd:>I<number>
674 Read the password from the file descriptor I<number>. This can be used to
675 send the data via a pipe for example.
679 Read the password from standard input.
683 =head2 Trusted Certificate Options
685 Part of validating a certificate includes verifying that the chain of CA's
686 can be traced up to an existing trusted root. The following options specify
687 how to list the trusted roots, also known as trust anchors. A collection
688 of trusted roots is called a I<trust store>.
690 Note that OpenSSL does not provide a default set of trust anchors. Many
691 Linux distributions include a system default and configure OpenSSL to point
692 to that. Mozilla maintains an influential trust store that can be found at
693 L<https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/>.
697 =item B<-CAfile> I<file>
699 Load the specified file which contains one or more PEM-format certificates
700 of CA's that are trusted.
704 Do not load the default file of trusted certificates.
706 =item B<-CApath> I<dir>
708 Use the specified directory as a list of trust certificates. That is,
709 files should be named with the hash of the X.509 SubjectName of each
710 certificate. This is so that the library can extract the IssuerName,
711 hash it, and directly lookup the file to get the issuer certificate.
712 See L<openssl-rehash(1)> for information on creating this type of directory.
716 Do not use the default directory of trusted certificates.
718 =item B<-CAstore> I<uri>
720 Use I<uri> as a store of trusted CA certificates. The URI may
721 indicate a single certificate, as well as a collection of them.
722 With URIs in the C<file:> scheme, this acts as B<-CAfile> or
723 B<-CApath>, depending on if the URI indicates a single file or
725 See L<ossl_store-file(7)> for more information on the C<file:> scheme.
727 These certificates are also used when building the server certificate
728 chain (for example with L<openssl-s_server(1)>) or client certificate
729 chain (for example with L<openssl-s_time(1)>).
733 Do not use the default store.
737 =head2 Random State Options
739 Prior to OpenSSL 1.1.1, it was common for applications to store information
740 about the state of the random-number generator in a file that was loaded
741 at startup and rewritten upon exit. On modern operating systems, this is
742 generally no longer necessary as OpenSSL will seed itself from a trusted
743 entropy source provided by the operating system. These flags are still
744 supported for special platforms or circumstances that might require them.
746 It is generally an error to use the same seed file more than once and
747 every use of B<-rand> should be paired with B<-writerand>.
751 =item B<-rand> I<files>
753 A file or files containing random data used to seed the random number
755 Multiple files can be specified separated by an OS-dependent character.
756 The separator is C<;> for MS-Windows, C<,> for OpenVMS, and C<:> for
757 all others. Another way to specify multiple files is to repeat this flag
758 with different filenames.
760 =item B<-writerand> I<file>
762 Writes the seed data to the specified I<file> upon exit.
763 This file can be used in a subsequent command invocation.
767 =head2 Provider Options
769 With the move to provider based cryptographic operations in OpenSSL 3.0,
770 options were added to allow specific providers or sets of providers to be used.
774 =item B<-provider> I<name>
776 Use the provider identified by I<name> and use all the methods it
777 implements (algorithms, key storage, etc.). This option can be specified
778 multiple time to load more than one provider.
780 =item B<-provider-path> I<path>
782 Specify the search I<path> that is used to locate provider modules. The format
783 of I<path> varies depending on the operating system being used.
787 =head2 Extended Verification Options
789 Sometimes there may be more than one certificate chain leading to an
790 end-entity certificate.
791 This usually happens when a root or intermediate CA signs a certificate
792 for another a CA in other organization.
793 Another reason is when a CA might have intermediates that use two different
794 signature formats, such as a SHA-1 and a SHA-256 digest.
796 The following options can be used to provide data that will allow the
797 OpenSSL command to generate an alternative chain.
801 =item B<-xkey> I<infile>, B<-xcert> I<infile>, B<-xchain>
803 Specify an extra certificate, private key and certificate chain. These behave
804 in the same manner as the B<-cert>, B<-key> and B<-cert_chain> options. When
805 specified, the callback returning the first valid chain will be in use by the
808 =item B<-xchain_build>
810 Specify whether the application should build the certificate chain to be
811 provided to the server for the extra certificates via the B<-xkey>,
812 B<-xcert>, and B<-xchain> options.
814 =item B<-xcertform> B<DER>|B<PEM>|B<P12>
816 The input format for the extra certificate.
817 This option has no effect and is retained for backward compatibility only.
819 =item B<-xkeyform> B<DER>|B<PEM>|B<P12>
821 The input format for the extra key.
822 This option has no effect and is retained for backward compatibility only.
826 =head2 Verification Options
828 Many OpenSSL commands verify certificates. The details of how each
829 command handles errors are documented on the specific command page.
831 Verification is a complicated process, consisting of a number of separate
832 steps that are detailed in the following paragraphs.
834 First, a certificate chain is built up starting from the target certificate
835 and typically ending in a self-signed "root" CA certificate.
836 It is an error if the whole chain cannot be built up
837 unless the B<-partial_chain> option is given.
838 The chain is built up iteratively, looking up in turn
839 the certificate of the signer ("issuer") of the current certificate.
840 If a certificate is found that appears to be its own issuer
841 it is assumed to be the self-signed root, which must be trusted.
843 The process of looking up the issuer's certificate itself involves a number
845 All available certificates with a subject name that matches the issuer
846 name of the current certificate are subject to further tests.
847 The relevant authority key identifier components of the current certificate
848 (if present) must match the subject key identifier (if present)
849 and issuer and serial number of the candidate issuer certificate.
851 The lookup first searches for issuer certificates in the trust store.
852 If it does not find a match there it consults
853 the list of untrusted "intermediate" CA certificates (if provided).
854 The last certificate (which typically is of a root CA) is always looked up
855 in the trusted certificate list; an exact match must be found there.
857 The second step is to check the extensions of every untrusted certificate
858 for consistency with the supplied purpose.
859 If the B<-purpose> option is not included then no checks are done.
860 The target or "leaf" certificate must have extensions compatible with the
861 supplied purpose and all other certificates must also be valid CA certificates.
862 The precise extensions required are described in more detail in
863 L<openssl-x509(1)/CERTIFICATE EXTENSIONS>.
865 The third step is to check the trust settings on the last certficate,
866 typically of a root CA.
867 It should be trusted for the supplied purpose.
868 For compatibility with previous versions of OpenSSL,
869 a certificate with no trust settings is considered to be valid for all purposes.
871 The fourth, and final, step is to check the validity of the certificate chain.
872 The validity period is checked against the system time
873 and the C<notBefore> and C<notAfter> dates in each certificate.
874 The B<-attime> flag may be used to specify a time other than "now."
875 The certificate signatures are also checked at this point
876 (except for the signature of the self-signed "root CA" certificate,
877 which is verified only if the B<-check_ss_sig> option is given).
878 When verifying a certificate signature
879 the keyUsage extension (if present) of the candidate issuer certificate
880 is checked to permit digitalSignature for signing proxy certificates
881 or to permit keyCertSign for signing other certificates, respectively.
882 If all operations complete successfully then certificate is considered
883 valid. If any operation fails then the certificate is not valid.
885 The details of the processing steps can be fine-tuned with the
892 Print extra information about the operations being performed.
894 =item B<-attime> I<timestamp>
896 Perform validation checks using time specified by I<timestamp> and not
897 current system time. I<timestamp> is the number of seconds since
898 January 1, 1970 (i.e., the Unix Epoch).
900 =item B<-no_check_time>
902 This option suppresses checking the validity period of certificates and CRLs
903 against the current time. If option B<-attime> is used to specify
904 a verification time, the check is not suppressed.
906 =item B<-x509_strict>
908 This disables non-compliant workarounds for broken certificates.
910 =item B<-ignore_critical>
912 Normally if an unhandled critical extension is present that is not
913 supported by OpenSSL the certificate is rejected (as required by RFC5280).
914 If this option is set critical extensions are ignored.
916 =item B<-issuer_checks>
922 Checks end entity certificate validity by attempting to look up a valid CRL.
923 If a valid CRL cannot be found an error occurs.
925 =item B<-crl_check_all>
927 Checks the validity of B<all> certificates in the chain by attempting
928 to look up valid CRLs.
932 Enable support for delta CRLs.
934 =item B<-extended_crl>
936 Enable extended CRL features such as indirect CRLs and alternate CRL
939 =item B<-suiteB_128_only>, B<-suiteB_128>, B<-suiteB_192>
941 Enable the Suite B mode operation at 128 bit Level of Security, 128 bit or
942 192 bit, or only 192 bit Level of Security respectively.
943 See RFC6460 for details. In particular the supported signature algorithms are
944 reduced to support only ECDSA and SHA256 or SHA384 and only the elliptic curves
947 =item B<-auth_level> I<level>
949 Set the certificate chain authentication security level to I<level>.
950 The authentication security level determines the acceptable signature and
951 public key strength when verifying certificate chains. For a certificate
952 chain to validate, the public keys of all the certificates must meet the
953 specified security I<level>. The signature algorithm security level is
954 enforced for all the certificates in the chain except for the chain's
955 I<trust anchor>, which is either directly trusted or validated by means
956 other than its signature. See L<SSL_CTX_set_security_level(3)> for the
957 definitions of the available levels. The default security level is -1,
958 or "not set". At security level 0 or lower all algorithms are acceptable.
959 Security level 1 requires at least 80-bit-equivalent security and is broadly
960 interoperable, though it will, for example, reject MD5 signatures or RSA
961 keys shorter than 1024 bits.
963 =item B<-partial_chain>
965 Allow verification to succeed even if a I<complete> chain cannot be built to a
966 self-signed trust-anchor, provided it is possible to construct a chain to a
967 trusted certificate that might not be self-signed.
968 This certificate may be self-issued or belong to an intermediate CA.
970 =item B<-check_ss_sig>
972 Verify the signature of
973 the last certificate in a chain if the certificate is supposedly self-signed.
974 This is prohibited and will result in an error if it is a non-conforming CA
975 certificate with key usage restrictions not including the keyCertSign bit.
976 This verification is disabled by default because it doesn't add any security.
978 =item B<-allow_proxy_certs>
980 Allow the verification of proxy certificates.
982 =item B<-trusted_first>
984 As of OpenSSL 1.1.0 this option is on by default and cannot be disabled.
986 When constructing the certificate chain, the trusted certificates specified
987 via B<-CAfile>, B<-CApath>, B<-CAstore> or B<-trusted> are always used
988 before any certificates specified via B<-untrusted>.
990 =item B<-no_alt_chains>
992 As of OpenSSL 1.1.0, since B<-trusted_first> always on, this option has no
995 =item B<-trusted> I<file>
997 Parse I<file> as a set of one or more certificates in PEM format.
998 All certificates must be self-signed, unless the
999 B<-partial_chain> option is specified.
1000 This option implies the B<-no-CAfile>, B<-no-CApath>, and B<-no-CAstore> options
1001 and it cannot be used with the B<-CAfile>, B<-CApath> or B<-CAstore> options, so
1002 only certificates in the file are trust anchors.
1003 This option may be used multiple times.
1005 =item B<-untrusted> I<file>
1007 Parse I<file> as a set of one or more certificates in PEM format.
1008 All certificates are untrusted certificates (typically of intermedate CAs)
1010 construct a certificate chain from the subject certificate to a trust anchor.
1011 This option may be used multiple times.
1013 =item B<-policy> I<arg>
1015 Enable policy processing and add I<arg> to the user-initial-policy-set (see
1016 RFC5280). The policy I<arg> can be an object name an OID in numeric form.
1017 This argument can appear more than once.
1019 =item B<-explicit_policy>
1021 Set policy variable require-explicit-policy (see RFC5280).
1023 =item B<-policy_check>
1025 Enables certificate policy processing.
1027 =item B<-policy_print>
1029 Print out diagnostics related to policy processing.
1031 =item B<-inhibit_any>
1033 Set policy variable inhibit-any-policy (see RFC5280).
1035 =item B<-inhibit_map>
1037 Set policy variable inhibit-policy-mapping (see RFC5280).
1039 =item B<-purpose> I<purpose>
1041 The intended use for the certificate. If this option is not specified, this
1042 command will not consider certificate purpose during chain verification.
1043 Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>,
1044 B<smimesign>, B<smimeencrypt>.
1046 =item B<-verify_depth> I<num>
1048 Limit the certificate chain to I<num> intermediate CA certificates.
1049 A maximal depth chain can have up to I<num>+2 certificates, since neither the
1050 end-entity certificate nor the trust-anchor certificate count against the
1051 B<-verify_depth> limit.
1053 =item B<-verify_email> I<email>
1055 Verify if I<email> matches the email address in Subject Alternative Name or
1056 the email in the subject Distinguished Name.
1058 =item B<-verify_hostname> I<hostname>
1060 Verify if I<hostname> matches DNS name in Subject Alternative Name or
1061 Common Name in the subject certificate.
1063 =item B<-verify_ip> I<ip>
1065 Verify if I<ip> matches the IP address in Subject Alternative Name of
1066 the subject certificate.
1068 =item B<-verify_name> I<name>
1070 Use default verification policies like trust model and required certificate
1071 policies identified by I<name>.
1072 The trust model determines which auxiliary trust or reject OIDs are applicable
1073 to verifying the given certificate chain.
1074 See the B<-addtrust> and B<-addreject> options for L<openssl-x509(1)>.
1075 Supported policy names include: B<default>, B<pkcs7>, B<smime_sign>,
1076 B<ssl_client>, B<ssl_server>.
1077 These mimics the combinations of purpose and trust settings used in SSL, CMS
1079 As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not
1080 specified, so the B<-verify_name> options are functionally equivalent to the
1081 corresponding B<-purpose> settings.
1085 =head2 Name Format Options
1087 OpenSSL provides fine-grain control over how the subject and issuer DN's are
1089 This is specified by using the B<-nameopt> option, which takes a
1090 comma-separated list of options from the following set.
1091 An option may be preceded by a minus sign, C<->, to turn it off.
1092 The default value is C<oneline>.
1093 The first four are the most commonly used.
1099 Display the name using an old format from previous OpenSSL versions.
1103 Display the name using the format defined in RFC 2253.
1104 It is equivalent to B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>,
1105 B<dump_nostr>, B<dump_unknown>, B<dump_der>, B<sep_comma_plus>, B<dn_rev>
1110 Display the name in one line, using a format that is more readable
1112 It is equivalent to B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>,
1113 B<dump_nostr>, B<dump_der>, B<use_quote>, B<sep_comma_plus_space>,
1114 B<space_eq> and B<sname> options.
1118 Display the name using multiple lines.
1119 It is equivalent to B<esc_ctrl>, B<esc_msb>, B<sep_multiline>, B<space_eq>,
1120 B<lname> and B<align>.
1124 Escape the "special" characters in a field, as required by RFC 2253.
1125 That is, any of the characters C<,+"E<lt>E<gt>;>, C<#> at the beginning of
1126 a string and leading or trailing spaces.
1130 Escape the "special" characters in a field as required by RFC 2254 in a field.
1131 That is, the B<NUL> character and of C<()*>.
1135 Escape non-printable ASCII characters, codes less than 0x20 (space)
1136 or greater than 0x7F (DELETE). They are displayed using RFC 2253 C<\XX>
1137 notation where B<XX> are the two hex digits representing the character value.
1141 Escape any characters with the most significant bit set, that is with
1142 values larger than 127, as described in B<esc_ctrl>.
1146 Escapes some characters by surrounding the entire string with quotation
1148 Without this option, individual special characters are preceded with
1149 a backslash character, C<\>.
1153 Convert all strings to UTF-8 format first as required by RFC 2253.
1154 If the output device is UTF-8 compatible, then using this option (and
1155 not setting B<esc_msb>) may give the correct display of multibyte
1157 If this option is not set, then multibyte characters larger than 0xFF
1158 will be output as C<\UXXXX> for 16 bits or C<\WXXXXXXXX> for 32 bits.
1159 In addition, any UTF8Strings will be converted to their character form first.
1161 =item B<ignore_type>
1163 This option does not attempt to interpret multibyte characters in any
1164 way. That is, the content octets are merely dumped as though one octet
1165 represents each character. This is useful for diagnostic purposes but
1166 will result in rather odd looking output.
1170 Display the type of the ASN1 character string before the value,
1171 such as C<BMPSTRING: Hello World>.
1175 Any fields that would be output in hex format are displayed using
1176 the DER encoding of the field.
1177 If not set, just the content octets are displayed.
1178 Either way, the B<#XXXX...> format of RFC 2253 is used.
1182 Dump non-character strings, such as ASN.1 B<OCTET STRING>.
1183 If this option is not set, then non character string types will be displayed
1184 as though each content octet represents a single character.
1188 Dump all fields. When this used with B<dump_der>, this allows the
1189 DER encoding of the structure to be unambiguously determined.
1191 =item B<dump_unknown>
1193 Dump any field whose OID is not recognised by OpenSSL.
1195 =item B<sep_comma_plus>, B<sep_comma_plus_space>, B<sep_semi_plus_space>,
1198 Specify the field separators. The first word is used between the
1199 Relative Distinguished Names (RDNs) and the second is between
1200 multiple Attribute Value Assertions (AVAs). Multiple AVAs are
1201 very rare and their use is discouraged.
1202 The options ending in "space" additionally place a space after the separator to make it more readable.
1203 The B<sep_multiline> starts each field on its own line, and uses "plus space"
1204 for the AVA separator.
1205 It also indents the fields by four characters.
1206 The default value is B<sep_comma_plus_space>.
1210 Reverse the fields of the DN as required by RFC 2253.
1211 This also reverses the order of multiple AVAs in a field, but this is
1212 permissible as there is no ordering on values.
1214 =item B<nofname>, B<sname>, B<lname>, B<oid>
1216 Specify how the field name is displayed.
1217 B<nofname> does not display the field at all.
1218 B<sname> uses the "short name" form (CN for commonName for example).
1219 B<lname> uses the long form.
1220 B<oid> represents the OID in numerical form and is useful for
1225 Align field values for a more readable output. Only usable with
1230 Places spaces round the equal sign, C<=>, character which follows the field
1235 =head2 TLS Version Options
1237 Several commands use SSL, TLS, or DTLS. By default, the commands use TLS and
1238 clients will offer the lowest and highest protocol version they support,
1239 and servers will pick the highest version that the client offers that is also
1240 supported by the server.
1242 The options below can be used to limit which protocol versions are used,
1243 and whether TCP (SSL and TLS) or UDP (DTLS) is used.
1244 Note that not all protocols and flags may be available, depending on how
1249 =item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
1251 These options require or disable the use of the specified SSL or TLS protocols.
1252 When a specific TLS version is required, only that version will be offered or
1254 Only one specific protocol can be given and it cannot be combined with any of
1257 =item B<-dtls>, B<-dtls1>, B<-dtls1_2>
1259 These options specify to use DTLS instead of DLTS.
1260 With B<-dtls>, clients will negotiate any supported DTLS protocol version.
1261 Use the B<-dtls1> or B<-dtls1_2> options to support only DTLS1.0 or DTLS1.2,
1266 =head2 Engine Options
1270 =item B<-engine> I<id>
1272 Use the engine identified by I<id> and use all the methods it
1273 implements (algorithms, key storage, etc.), unless specified otherwise in
1274 the command-specific documentation or it is configured to do so, as described
1275 in L<config(5)/Engine Configuration Module>.
1281 The OpenSSL library can be take some configuration parameters from the
1282 environment. Some of these variables are listed below. For information
1283 about specific commands, see L<openssl-engine(1)>, L<openssl-provider(1)>,
1284 L<openssl-rehash(1)>, and L<tsget(1)>.
1286 For information about the use of environment variables in configuration,
1287 see L<config(5)/ENVIRONMENT>.
1289 For information about querying or specifying CPU architecture flags, see
1290 L<OPENSSL_ia32cap(3)>, and L<OPENSSL_s390xcap(3)>.
1292 For information about all environment variables used by the OpenSSL libraries,
1293 see L<openssl-env(7)>.
1297 =item B<OPENSSL_TRACE=>I<name>[,...]
1299 Enable tracing output of OpenSSL library, by name.
1300 This output will only make sense if you know OpenSSL internals well.
1301 Also, it might not give you any output at all, depending on how
1304 The value is a comma separated list of names, with the following
1311 The tracing functionality.
1323 Show details about provider and engine configuration.
1325 =item B<ENGINE_TABLE>
1327 The function that is used by RSA, DSA (etc) code to select registered
1328 ENGINEs, cache defaults and functional references (etc), will generate
1329 debugging summaries.
1331 =item B<ENGINE_REF_COUNT>
1333 Reference counts in the ENGINE structure will be monitored with a line
1334 of generated for each change.
1340 =item B<PKCS12_KEYGEN>
1342 PKCS#12 key generation.
1344 =item B<PKCS12_DECRYPT>
1348 =item B<X509V3_POLICY>
1350 Generates the complete policy tree at various point during X.509 v3
1363 L<openssl-asn1parse(1)>,
1365 L<openssl-ciphers(1)>,
1368 L<openssl-crl2pkcs7(1)>,
1370 L<openssl-dhparam(1)>,
1372 L<openssl-dsaparam(1)>,
1374 L<openssl-ecparam(1)>,
1376 L<openssl-engine(1)>,
1377 L<openssl-errstr(1)>,
1378 L<openssl-gendsa(1)>,
1379 L<openssl-genpkey(1)>,
1380 L<openssl-genrsa(1)>,
1385 L<openssl-passwd(1)>,
1386 L<openssl-pkcs12(1)>,
1387 L<openssl-pkcs7(1)>,
1388 L<openssl-pkcs8(1)>,
1390 L<openssl-pkeyparam(1)>,
1391 L<openssl-pkeyutl(1)>,
1392 L<openssl-prime(1)>,
1394 L<openssl-rehash(1)>,
1397 L<openssl-rsautl(1)>,
1398 L<openssl-s_client(1)>,
1399 L<openssl-s_server(1)>,
1400 L<openssl-s_time(1)>,
1401 L<openssl-sess_id(1)>,
1402 L<openssl-smime(1)>,
1403 L<openssl-speed(1)>,
1404 L<openssl-spkac(1)>,
1406 L<openssl-storeutl(1)>,
1408 L<openssl-verify(1)>,
1409 L<openssl-version(1)>,
1420 The B<list> -I<XXX>B<-algorithms> options were added in OpenSSL 1.0.0;
1421 For notes on the availability of other commands, see their individual
1424 The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and
1425 is silently ignored.
1427 The B<-xcertform> and B<-xkeyform> options
1428 are obsolete since OpenSSL 3.0 and have no effect.
1430 The interactive mode, which could be invoked by running C<openssl>
1431 with no further arguments, was removed in OpenSSL 3.0, and running
1432 that program with no arguments is now equivalent to C<openssl help>.
1436 Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
1438 Licensed under the Apache License 2.0 (the "License"). You may not use
1439 this file except in compliance with the License. You can obtain a copy
1440 in the file LICENSE in the source distribution or at
1441 L<https://www.openssl.org/source/license.html>.