Lines Matching full:proxy
60 .IX Title "PROXY-CERTIFICATES 7ossl"
61 .TH PROXY-CERTIFICATES 7ossl 2026-01-27 3.5.5 OpenSSL
67 proxy\-certificates \- Proxy certificates in OpenSSL
70 Proxy certificates are defined in RFC 3820. They are used to
75 The requirements for a valid proxy certificate are:
78 another proxy certificate.
87 .SS "Enabling proxy certificate verification"
88 .IX Subsection "Enabling proxy certificate verification"
89 OpenSSL expects applications that want to use proxy certificates to be
104 .SS "Creating proxy certificates"
105 .IX Subsection "Creating proxy certificates"
106 Creating proxy certificates can be done using the \fBopenssl\-x509\fR\|(1)
110 \& [ proxy ]
111 \& # A proxy certificate MUST NEVER be a CA certificate.
115 \& # The extension which marks this certificate as a proxy
119 It\*(Aqs also possible to specify the proxy extension in a separate section:
154 Note that the proxy policy value is what determines the rights granted
155 to the process during the proxy certificate, and it is up to the
158 With a proxy extension, creating a proxy certificate is a matter of
162 \& openssl req \-new \-config proxy.cnf \e
163 \& \-out proxy.req \-keyout proxy.key \e
164 \& \-subj "/DC=org/DC=openssl/DC=users/CN=proxy"
166 \& openssl x509 \-req \-CAcreateserial \-in proxy.req \-out proxy.crt \e
168 \& \-extfile proxy.cnf \-extensions proxy
171 You can also create a proxy certificate using another proxy
173 configuration section for the proxy extensions:
176 \& openssl req \-new \-config proxy.cnf \e
178 \& \-subj "/DC=org/DC=openssl/DC=users/CN=proxy/CN=proxy 2"
181 \& \-CA proxy.crt \-CAkey proxy.key \-days 7 \e
182 \& \-extfile proxy.cnf \-extensions proxy_2
184 .SS "Using proxy certs in applications"
185 .IX Subsection "Using proxy certs in applications"
186 To interpret proxy policies, the application would normally start with
188 rights by checking the rights against the chain of proxy certificates,
198 so you must be careful to do the proxy policy interpretation at the
254 \& * It\*(Aqs REALLY important you keep the proxy policy check
259 \& * certificate, followed by the possible proxy
275 \& * to this particular proxy certificate, usually
278 \& * this and any subsequent proxy certificate void
296 \& * the rights granted by the current proxy
375 To this date, it seems that proxy certificates have only been used in
380 For that reason, OpenSSL requires that applications aware of proxy
383 \&\fBsubjectAltName\fR and \fBissuerAltName\fR are forbidden in proxy