version 1.40, 2016/07/23 19:31:35 |
version 1.41, 2016/07/28 16:20:21 |
|
|
.Qq depth |
.Qq depth |
of the structures. |
of the structures. |
.It Fl in Ar file |
.It Fl in Ar file |
The input file; the default is standard input. |
The input file to read from, or standard input if not specified. |
.It Fl inform Cm der | pem | txt |
.It Fl inform Cm der | pem | txt |
The input format. |
The input format. |
.It Fl length Ar number |
.It Fl length Ar number |
|
|
The options relevant to CAs are as follows: |
The options relevant to CAs are as follows: |
.Bl -tag -width "XXXX" |
.Bl -tag -width "XXXX" |
.It Fl batch |
.It Fl batch |
This sets the batch mode. |
Batch mode. |
In this mode no questions will be asked |
In this mode no questions will be asked |
and all certificates will be certified automatically. |
and all certificates will be certified automatically. |
.It Fl cert Ar file |
.It Fl cert Ar file |
|
|
.It Fl days Ar arg |
.It Fl days Ar arg |
The number of days to certify the certificate for. |
The number of days to certify the certificate for. |
.It Fl enddate Ar date |
.It Fl enddate Ar date |
This allows the expiry date to be explicitly set. |
Set the expiry date. |
The format of the date is YYMMDDHHMMSSZ |
The format of the date is YYMMDDHHMMSSZ |
.Pq the same as an ASN1 UTCTime structure . |
.Pq the same as an ASN1 UTCTime structure . |
.It Fl extensions Ar section |
.It Fl extensions Ar section |
|
|
.It Fl passin Ar arg |
.It Fl passin Ar arg |
The key password source. |
The key password source. |
.It Fl policy Ar arg |
.It Fl policy Ar arg |
This option defines the CA |
Define the CA |
.Qq policy |
.Qq policy |
to use. |
to use. |
The policy section in the configuration file |
The policy section in the configuration file |
|
|
.It Fl ss_cert Ar file |
.It Fl ss_cert Ar file |
A single self-signed certificate to be signed by the CA. |
A single self-signed certificate to be signed by the CA. |
.It Fl startdate Ar date |
.It Fl startdate Ar date |
This allows the start date to be explicitly set. |
Set the start date. |
The format of the date is YYMMDDHHMMSSZ |
The format of the date is YYMMDDHHMMSSZ |
.Pq the same as an ASN1 UTCTime structure . |
.Pq the same as an ASN1 UTCTime structure . |
.It Fl status Ar serial |
.It Fl status Ar serial |
|
|
.It Fl updatedb |
.It Fl updatedb |
Update database for expired certificates. |
Update database for expired certificates. |
.It Fl verbose |
.It Fl verbose |
This prints extra details about the operations being performed. |
Print extra details about the operations being performed. |
.El |
.El |
.Pp |
.Pp |
The options relevant to CRLs are as follows: |
The options relevant to CRLs are as follows: |
|
|
.Fl crl_compromise , |
.Fl crl_compromise , |
except the revocation reason is set to CACompromise. |
except the revocation reason is set to CACompromise. |
.It Fl crl_compromise Ar time |
.It Fl crl_compromise Ar time |
This sets the revocation reason to keyCompromise and the compromise time to |
Set the revocation reason to keyCompromise and the compromise time to |
.Ar time . |
.Ar time . |
.Ar time |
.Ar time |
should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ. |
should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ. |
.It Fl crl_hold Ar instruction |
.It Fl crl_hold Ar instruction |
This sets the CRL revocation reason code to certificateHold and the hold |
Set the CRL revocation reason code to certificateHold and the hold |
instruction to |
instruction to |
.Ar instruction |
.Ar instruction |
which must be an OID. |
which must be an OID. |
|
|
.It Fl crlhours Ar num |
.It Fl crlhours Ar num |
The number of hours before the next CRL is due. |
The number of hours before the next CRL is due. |
.It Fl gencrl |
.It Fl gencrl |
This option generates a CRL based on information in the index file. |
Generate a CRL based on information in the index file. |
.It Fl revoke Ar file |
.It Fl revoke Ar file |
A |
A |
.Ar file |
.Ar file |
|
|
command converts |
command converts |
.Nm openssl |
.Nm openssl |
cipher lists into ordered SSL cipher preference lists. |
cipher lists into ordered SSL cipher preference lists. |
It can be used as a test tool to determine the appropriate cipherlist. |
It can be used as a way to determine the appropriate cipher list. |
.Pp |
.Pp |
The options are as follows: |
The options are as follows: |
.Bl -tag -width Ds |
.Bl -tag -width Ds |