Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help

       openssl-namedisplay-options - Distinguished name	display	options

       openssl command [ options ... ] [ parameters ...	]

       OpenSSL provides	fine-grain control over	how the	subject	and issuer
       DN's are	displayed.  This is specified by using the -nameopt option,
       which takes a comma-separated list of options from the following	set.
       An option may be	preceded by a minus sign, "-", to turn it off.	The
       default value is	"oneline".  The	first four are the most	commonly used.

   Name	Format Option Arguments
       The DN output format can	be fine	tuned with the following flags.

	   Display the name using an old format	from previous OpenSSL

	   Display the name using the format defined in	RFC 2253.  It is
	   equivalent to esc_2253, esc_ctrl, esc_msb, utf8, dump_nostr,
	   dump_unknown, dump_der, sep_comma_plus, dn_rev and sname.

	   Display the name in one line, using a format	that is	more readable
	   RFC 2253.  It is equivalent to esc_2253, esc_ctrl, esc_msb, utf8,
	   dump_nostr, dump_der, use_quote, sep_comma_plus_space, space_eq and
	   sname options.

	   Display the name using multiple lines.  It is equivalent to
	   esc_ctrl, esc_msb, sep_multiline, space_eq, lname and align.

	   Escape the "special"	characters in a	field, as required by RFC
	   2253.  That is, any of the characters ",+"<>;", "#" at the
	   beginning of	a string and leading or	trailing spaces.

	   Escape the "special"	characters in a	field as required by RFC 2254
	   in a	field.	That is, the NUL character and of "()*".

	   Escape non-printable	ASCII characters, codes	less than 0x20 (space)
	   or greater than 0x7F	(DELETE). They are displayed using RFC 2253
	   "\XX" notation where	XX are the two hex digits representing the
	   character value.

	   Escape any characters with the most significant bit set, that is
	   with	values larger than 127,	as described in	esc_ctrl.

	   Escapes some	characters by surrounding the entire string with
	   quotation marks, """.  Without this option, individual special
	   characters are preceded with	a backslash character, "\".

	   Convert all strings to UTF-8	format first as	required by RFC	2253.
	   If the output device	is UTF-8 compatible, then using	this option
	   (and	not setting esc_msb) may give the correct display of multibyte
	   characters.	If this	option is not set, then	multibyte characters
	   larger than 0xFF will be output as "\UXXXX" for 16 bits or
	   "\WXXXXXXXX"	for 32 bits.  In addition, any UTF8Strings will	be
	   converted to	their character	form first.

	   This	option does not	attempt	to interpret multibyte characters in
	   any way. That is, the content octets	are merely dumped as though
	   one octet represents	each character.	This is	useful for diagnostic
	   purposes but	will result in rather odd looking output.

	   Display the type of the ASN1	character string before	the value,
	   such	as "BMPSTRING: Hello World".

	   Any fields that would be output in hex format are displayed using
	   the DER encoding of the field.  If not set, just the	content	octets
	   are displayed.  Either way, the #XXXX... format of RFC 2253 is

	   Dump	non-character strings, such as ASN.1 OCTET STRING.  If this
	   option is not set, then non character string	types will be
	   displayed as	though each content octet represents a single

	   Dump	all fields. When this used with	dump_der, this allows the DER
	   encoding of the structure to	be unambiguously determined.

	   Dump	any field whose	OID is not recognised by OpenSSL.

       sep_comma_plus, sep_comma_plus_space, sep_semi_plus_space,
	   Specify the field separators. The first word	is used	between	the
	   Relative Distinguished Names	(RDNs) and the second is between
	   multiple Attribute Value Assertions (AVAs). Multiple	AVAs are very
	   rare	and their use is discouraged.  The options ending in "space"
	   additionally	place a	space after the	separator to make it more
	   readable.  The sep_multiline	starts each field on its own line, and
	   uses	"plus space" for the AVA separator.  It	also indents the
	   fields by four characters.  The default value is

	   Reverse the fields of the DN	as required by RFC 2253.  This also
	   reverses the	order of multiple AVAs in a field, but this is
	   permissible as there	is no ordering on values.

       nofname,	sname, lname, oid
	   Specify how the field name is displayed.  nofname does not display
	   the field at	all.  sname uses the "short name" form (CN for
	   commonName for example).  lname uses	the long form.	oid represents
	   the OID in numerical	form and is useful for diagnostic purpose.

	   Align field values for a more readable output. Only usable with

	   Places spaces round the equal sign, "=", character which follows
	   the field name.

       Copyright 2000-2020 The OpenSSL Project Authors.	All Rights Reserved.

       Licensed	under the Apache License 2.0 (the "License").  You may not use
       this file except	in compliance with the License.	 You can obtain	a copy
       in the file LICENSE in the source distribution or at

3.0.0-beta1+quic		  2021-06-19OPENSSL-NAMEDISPLAY-OPTIONS(1ossl)


Want to link to this manual page? Use this URL:

home | help