Lines Matching refs:cert
286 "Private or public key for the requested cert. Default: CSR key or client key"},
289 "Distinguished Name (DN) of subject to use in the requested cert template"},
291 "For kur, default is subject of -csr arg or reference cert (see -oldcert)"},
305 "Subject Alt Names (IPADDR/DNS/URI) to add as (critical) cert req extension"},
336 "Certificate to be updated (defaulting to -cert) or to be revoked in rr;"},
338 "also used as reference (defaulting to -cert) for subject DN and SANs."},
363 "DN of CA. Default: subject of -srvcert, -issuer, issuer of -oldcert or -cert"},
380 "Server cert to pin and trust directly when verifying signed CMP responses"},
384 "Ignore CMP signer cert key usage, else 'digitalSignature' must be allowed"},
398 "Reference value to use as senderKID in case no -cert is given"},
401 {"cert", OPT_CERT, 's',
408 "Optional certs to verify chain building for own CMP signer cert"},
411 "Client private key (and cert and old cert) pass phrase source"},
419 "This can be used as the default CMP signer cert chain to include"},
451 "Pass phrase source for the client's private TLS key (and TLS cert)"},
499 "Server private key (and cert) pass phrase source"},
684 X509 *cert;
687 cert = load_cert_pass(uri, FORMAT_UNDEF, 0, pass_string, desc);
689 return cert;
1079 engine, "private key for mock server cert");
1108 X509 *cert = load_cert_pwd(opt_rsp_cert, opt_keypass,
1109 "cert to be returned by the mock server");
1111 if (cert == NULL)
1114 if (!ossl_cmp_mock_srv_set1_certOut(srv_ctx, cert)) {
1115 X509_free(cert);
1118 X509_free(cert);
1227 "trusted certs for verifying newly enrolled cert");
1273 X509 *cert;
1277 if (!load_cert_certs(opt_tls_cert, &cert, &certs, 0, opt_tls_keypass,
1283 ok = SSL_CTX_use_certificate(ssl_ctx, cert) > 0;
1284 X509_free(cert);
1288 * the chain to be provided with the TLS client cert to the TLS server.
1297 cert = sk_X509_value(untrusted, i);
1298 if (!SSL_CTX_add1_chain_cert(ssl_ctx, cert)) {
1299 CMP_err("could not add untrusted cert to TLS client cert chain");
1311 /* disable any cert status/revocation checking etc. */
1318 CMP_debug("trying to build cert chain for own TLS cert");
1322 CMP_debug("success building cert chain for own TLS cert");
1325 CMP_warn("could not build cert chain for own TLS cert");
1342 cert = sk_X509_value(tls_extra, i);
1344 res = SSL_CTX_add_extra_chain_cert(ssl_ctx, cert);
1346 X509_free(cert);
1361 * verify the key matches the cert,
1408 /* cert or subject should determine the sender */
1409 CMP_err("must give -ref if no -cert and no -subject given");
1413 CMP_err("must give both -cert and -key options or neither");
1430 CMP_warn("-cert and -key not used for protection since -secret is given");
1451 X509 *cert;
1456 if (!load_cert_certs(opt_cert, &cert, &certs, 0, opt_keypass,
1461 ok = OSSL_CMP_CTX_set1_cert(ctx, cert);
1462 X509_free(cert);
1468 "trusted certs for verifying own CMP signer cert");
1478 CMP_warn("-own_trusted option is ignored without -cert");
1528 CMP_warn("no -subject given; no -csr or -oldcert or -cert available for fallback");
1533 CMP_err("missing -newkey (or -key) to be certified and no -csr, -oldcert, or -cert given for fallback public key");
1566 CMP_warn1("-subject %s since -ref or -cert is given", msg);
1608 CMP_warn("missing -recipient, -srvcert, -issuer, -oldcert or -cert; recipient will be set to \"NULL-DN\"");
1625 const char *desc = "new private key for cert to be enrolled";
1636 ? "fallback public key for cert to be enrolled"
1637 : "public key for checking cert resulting from p10cr";
1651 CMP_err("could not set requested cert validity period");
1683 CMP_err1("cannot load policy cert request extension section '%s'",
2028 static int write_cert(BIO *bio, X509 *cert)
2030 if ((opt_certform == FORMAT_PEM && PEM_write_bio_X509(bio, cert))
2031 || (opt_certform == FORMAT_ASN1 && i2d_X509_bio(bio, cert)))
2044 * where DER does not make much sense for writing more than one cert!