summaryrefslogtreecommitdiffstats
path: root/secure/usr.bin/openssl/man/ca.1
diff options
context:
space:
mode:
Diffstat (limited to 'secure/usr.bin/openssl/man/ca.1')
-rw-r--r--secure/usr.bin/openssl/man/ca.124
1 files changed, 21 insertions, 3 deletions
diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1
index cd9990d..17f2b8f 100644
--- a/secure/usr.bin/openssl/man/ca.1
+++ b/secure/usr.bin/openssl/man/ca.1
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "CA 1"
-.TH CA 1 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH CA 1 "2014-08-06" "1.0.1i" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -139,6 +139,8 @@ ca \- sample minimal CA application
[\fB\-name section\fR]
[\fB\-gencrl\fR]
[\fB\-revoke file\fR]
+[\fB\-status serial\fR]
+[\fB\-updatedb\fR]
[\fB\-crl_reason reason\fR]
[\fB\-crl_hold instruction\fR]
[\fB\-crl_compromise time\fR]
@@ -152,6 +154,7 @@ ca \- sample minimal CA application
[\fB\-md arg\fR]
[\fB\-policy arg\fR]
[\fB\-keyfile arg\fR]
+[\fB\-keyform PEM|DER\fR]
[\fB\-key arg\fR]
[\fB\-passin arg\fR]
[\fB\-cert file\fR]
@@ -201,7 +204,7 @@ a single self signed certificate to be signed by the \s-1CA\s0.
.IX Item "-spkac filename"
a file containing a single Netscape signed public key and challenge
and additional field values to be signed by the \s-1CA\s0. See the \fB\s-1SPKAC\s0 \s-1FORMAT\s0\fR
-section for information on the required format.
+section for information on the required input and output format.
.IP "\fB\-infiles\fR" 4
.IX Item "-infiles"
if present this should be the last option, all subsequent arguments
@@ -210,7 +213,7 @@ are assumed to be the names of files containing certificate requests.
.IX Item "-out filename"
the output file to output certificates to. The default is standard
output. The certificate details will also be printed out to this
-file.
+file in \s-1PEM\s0 format (except that \fB\-spkac\fR outputs \s-1DER\s0 format).
.IP "\fB\-outdir directory\fR" 4
.IX Item "-outdir directory"
the directory to output certificates to. The certificate will be
@@ -222,6 +225,10 @@ the \s-1CA\s0 certificate file.
.IP "\fB\-keyfile filename\fR" 4
.IX Item "-keyfile filename"
the private key to sign requests with.
+.IP "\fB\-keyform PEM|DER\fR" 4
+.IX Item "-keyform PEM|DER"
+the format of the data in the private key file.
+The default is \s-1PEM\s0.
.IP "\fB\-key password\fR" 4
.IX Item "-key password"
the password used to encrypt the private key. Since on some
@@ -351,6 +358,13 @@ the number of hours before the next \s-1CRL\s0 is due.
.IP "\fB\-revoke filename\fR" 4
.IX Item "-revoke filename"
a filename containing a certificate to revoke.
+.IP "\fB\-status serial\fR" 4
+.IX Item "-status serial"
+displays the revocation status of the certificate with the specified
+serial number and exits.
+.IP "\fB\-updatedb\fR" 4
+.IX Item "-updatedb"
+Updates the database index to purge expired certificates.
.IP "\fB\-crl_reason reason\fR" 4
.IX Item "-crl_reason reason"
revocation reason, where \fBreason\fR is one of: \fBunspecified\fR, \fBkeyCompromise\fR,
@@ -546,6 +560,10 @@ The file should contain the variable \s-1SPKAC\s0 set to the value of
the \s-1SPKAC\s0 and also the required \s-1DN\s0 components as name value pairs.
If you need to include the same component twice then it can be
preceded by a number and a '.'.
+.PP
+When processing \s-1SPKAC\s0 format, the output is \s-1DER\s0 if the \fB\-out\fR
+flag is used, but \s-1PEM\s0 format if sending to stdout or the \fB\-outdir\fR
+flag is used.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Note: these examples assume that the \fBca\fR directory structure is
OpenPOWER on IntegriCloud