summaryrefslogtreecommitdiffstats
path: root/crypto/openssl/doc/apps/req.pod
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssl/doc/apps/req.pod')
-rw-r--r--crypto/openssl/doc/apps/req.pod67
1 files changed, 61 insertions, 6 deletions
diff --git a/crypto/openssl/doc/apps/req.pod b/crypto/openssl/doc/apps/req.pod
index a3f54f4..7a3b6bb 100644
--- a/crypto/openssl/doc/apps/req.pod
+++ b/crypto/openssl/doc/apps/req.pod
@@ -3,7 +3,7 @@
=head1 NAME
-req - PKCS#10 certificate and certificate generating utility.
+req - PKCS#10 certificate request and certificate generating utility.
=head1 SYNOPSIS
@@ -15,6 +15,7 @@ B<openssl> B<req>
[B<-out filename>]
[B<-passout arg>]
[B<-text>]
+[B<-pubkey>]
[B<-noout>]
[B<-verify>]
[B<-modulus>]
@@ -28,12 +29,18 @@ B<openssl> B<req>
[B<-keyout filename>]
[B<-[md5|sha1|md2|mdc2]>]
[B<-config filename>]
+[B<-subj arg>]
[B<-x509>]
[B<-days n>]
+[B<-set_serial n>]
[B<-asn1-kludge>]
[B<-newhdr>]
[B<-extensions section>]
[B<-reqexts section>]
+[B<-utf8>]
+[B<-nameopt>]
+[B<-batch>]
+[B<-verbose>]
=head1 DESCRIPTION
@@ -82,6 +89,10 @@ see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
prints out the certificate request in text form.
+=item B<-pubkey>
+
+outputs the public key.
+
=item B<-noout>
this option prevents output of the encoded version of the request.
@@ -154,18 +165,33 @@ this allows an alternative configuration file to be specified,
this overrides the compile time filename or any specified in
the B<OPENSSL_CONF> environment variable.
+=item B<-subj arg>
+
+sets subject name for new request or supersedes the subject name
+when processing a request.
+The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
+characters may be escaped by \ (backslash), no spaces are skipped.
+
=item B<-x509>
this option outputs a self signed certificate instead of a certificate
request. This is typically used to generate a test certificate or
a self signed root CA. The extensions added to the certificate
-(if any) are specified in the configuration file.
+(if any) are specified in the configuration file. Unless specified
+using the B<set_serial> option B<0> will be used for the serial
+number.
=item B<-days n>
when the B<-x509> option is being used this specifies the number of
days to certify the certificate for. The default is 30 days.
+=item B<-set_serial n>
+
+serial number to use when outputting a self signed certificate. This
+may be specified as a decimal value or a hex value if preceded by B<0x>.
+It is possible to use negative serial numbers but this is not recommended.
+
=item B<-extensions section>
=item B<-reqexts section>
@@ -176,6 +202,20 @@ request extensions. This allows several different sections to
be used in the same configuration file to specify requests for
a variety of purposes.
+=item B<-utf8>
+
+this option causes field values to be interpreted as UTF8 strings, by
+default they are interpreted as ASCII. This means that the field
+values, whether prompted from a terminal or obtained from a
+configuration file, must be valid UTF8 strings.
+
+=item B<-nameopt option>
+
+option which determines how the subject or issuer names are displayed. The
+B<option> argument can be a single option or multiple options separated by
+commas. Alternatively the B<-nameopt> switch may be used more than once to
+set multiple options. See the L<x509(1)|x509(1)> manual page for details.
+
=item B<-asn1-kludge>
by default the B<req> command outputs certificate requests containing
@@ -196,6 +236,14 @@ It should be noted that very few CAs still require the use of this option.
Adds the word B<NEW> to the PEM file header and footer lines on the outputed
request. Some software (Netscape certificate server) and some CAs need this.
+=item B<-batch>
+
+non-interactive mode.
+
+=item B<-verbose>
+
+print extra details about the operations being performed.
+
=back
=head1 CONFIGURATION FILE FORMAT
@@ -292,6 +340,13 @@ if set to the value B<no> this disables prompting of certificate fields
and just takes values from the config file directly. It also changes the
expected format of the B<distinguished_name> and B<attributes> sections.
+=item B<utf8>
+
+if set to the value B<yes> then field values to be interpreted as UTF8
+strings, by default they are interpreted as ASCII. This means that
+the field values, whether prompted from a terminal or obtained from a
+configuration file, must be valid UTF8 strings.
+
=item B<attributes>
this specifies the section containing any request attributes: its format
@@ -457,13 +512,13 @@ Sample configuration containing all field values:
The header and footer lines in the B<PEM> format are normally:
- -----BEGIN CERTIFICATE REQUEST----
- -----END CERTIFICATE REQUEST----
+ -----BEGIN CERTIFICATE REQUEST-----
+ -----END CERTIFICATE REQUEST-----
some software (some versions of Netscape certificate server) instead needs:
- -----BEGIN NEW CERTIFICATE REQUEST----
- -----END NEW CERTIFICATE REQUEST----
+ -----BEGIN NEW CERTIFICATE REQUEST-----
+ -----END NEW CERTIFICATE REQUEST-----
which is produced with the B<-newhdr> option but is otherwise compatible.
Either form is accepted transparently on input.
OpenPOWER on IntegriCloud