openssl-cmp.pod.in: Update and extend example using Insta Demo CA

author Dr. David von Oheimb <David.von.Oheimb@siemens.com>

Sat, 25 Jul 2020 11:47:04 +0000 (13:47 +0200)

committer Dr. David von Oheimb <David.von.Oheimb@siemens.com>

Tue, 4 Aug 2020 10:11:46 +0000 (12:11 +0200)
author Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Sat, 25 Jul 2020 11:47:04 +0000 (13:47 +0200)
committer Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Tue, 4 Aug 2020 10:11:46 +0000 (12:11 +0200)
diff --git a/apps/insta.ca.crt b/apps/insta.ca.crt

new file mode 100644 (file)

index 0000000..6aea6d4

Binary files /dev/null and b/apps/insta.ca.crt differ
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in

index 45355cbdb32ebf1c735938ffdbf9c6f88b6e437a..8d3e686b55269dc2e395cbeb3496695e8c45463c 100644 (file)
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -991,8 +991,10 @@ to issue the following shell commands.
  
    cd /path/to/openssl
    export OPENSSL_CONF=openssl.cnf
+=begin comment
    wget 'http://pki.certificate.fi:8080/install-ca-cert.html/ca-certificate.crt\
          ?ca-id=632&download-certificate=1' -O insta.ca.crt
+=end comment
    openssl genrsa -out insta.priv.pem
    openssl cmp -section insta
  
@@ -1048,7 +1050,11 @@ or
  
  Many more options can be used in the configuration file
  and/or on the command line.
+For instance, the B<-reqexts> CLI option may refer to a section in the
+configuration file defining X.509 extensions to use in certificate requests,
+such as B<v3_req> in F<openssl/apps/openssl.cnf>:
  
+  openssl cmp -section insta,cr -reqexts v3_req
  
  =head2 Certificate enrollment
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>
	Sat, 25 Jul 2020 11:47:04 +0000 (13:47 +0200)
committer	Dr. David von Oheimb <David.von.Oheimb@siemens.com>
	Tue, 4 Aug 2020 10:11:46 +0000 (12:11 +0200)
apps/insta.ca.crt	[new file with mode: 0644]	patch \| blob
doc/man1/openssl-cmp.pod.in		patch \| blob \| blame \| history