diff options
Diffstat (limited to 'upstream/debian-unstable/man1/openssl-req.1ssl')
| -rw-r--r-- | upstream/debian-unstable/man1/openssl-req.1ssl | 65 |
1 files changed, 44 insertions, 21 deletions
diff --git a/upstream/debian-unstable/man1/openssl-req.1ssl b/upstream/debian-unstable/man1/openssl-req.1ssl index 1822412e..e17186e8 100644 --- a/upstream/debian-unstable/man1/openssl-req.1ssl +++ b/upstream/debian-unstable/man1/openssl-req.1ssl @@ -55,7 +55,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL-REQ 1SSL" -.TH OPENSSL-REQ 1SSL 2024-02-03 3.1.5 OpenSSL +.TH OPENSSL-REQ 1SSL 2024-04-04 3.2.2-dev OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -90,15 +90,16 @@ openssl\-req \- PKCS#10 certificate request and certificate generating command [\fB\-config\fR \fIfilename\fR] [\fB\-section\fR \fIname\fR] [\fB\-x509\fR] +[\fB\-x509v1\fR] [\fB\-CA\fR \fIfilename\fR|\fIuri\fR] [\fB\-CAkey\fR \fIfilename\fR|\fIuri\fR] [\fB\-days\fR \fIn\fR] [\fB\-set_serial\fR \fIn\fR] [\fB\-newhdr\fR] [\fB\-copy_extensions\fR \fIarg\fR] -[\fB\-addext\fR \fIext\fR] [\fB\-extensions\fR \fIsection\fR] [\fB\-reqexts\fR \fIsection\fR] +[\fB\-addext\fR \fIext\fR] [\fB\-precert\fR] [\fB\-utf8\fR] [\fB\-reqopt\fR] @@ -109,6 +110,7 @@ openssl\-req \- PKCS#10 certificate request and certificate generating command [\fB\-vfyopt\fR \fInm\fR:\fIv\fR] [\fB\-batch\fR] [\fB\-verbose\fR] +[\fB\-quiet\fR] [\fB\-nameopt\fR \fIoption\fR] [\fB\-rand\fR \fIfiles\fR] [\fB\-writerand\fR \fIfile\fR] @@ -126,9 +128,13 @@ for use as root CAs for example. .IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR, \fB\-outform\fR \fBDER\fR|\fBPEM\fR" 4 -.IX Item "-inform DER|PEM, -outform DER|PEM" -The input and output formats; unspecified by default. +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR" 4 +.IX Item "-inform DER|PEM" +The CSR input file format to use; by default PEM is tried first. +See \fBopenssl\-format\-options\fR\|(1) for details. +.IP "\fB\-outform\fR \fBDER\fR|\fBPEM\fR" 4 +.IX Item "-outform DER|PEM" +The output format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. .Sp The data is a PKCS#10 object. @@ -195,7 +201,7 @@ This option is used to generate a new private key unless \fB\-key\fR is given. It is subsequently used as if it was given using the \fB\-key\fR option. .Sp This option implies the \fB\-new\fR flag to create a new certificate request -or a new certificate in case \fB\-x509\fR is given. +or a new certificate in case \fB\-x509\fR is used. .Sp The argument takes one of several forms. .Sp @@ -312,8 +318,18 @@ a large random number will be used for the serial number. Unless the \fB\-copy_extensions\fR option is used, X.509 extensions are not copied from any provided request input file. .Sp -X.509 extensions to be added can be specified in the configuration file -or using the \fB\-addext\fR option. +X.509 extensions to be added can be specified in the configuration file, +possibly using the \fB\-config\fR and \fB\-extensions\fR options, +and/or using the \fB\-addext\fR option. +.Sp +Unless \fB\-x509v1\fR is given, generated certificates bear X.509 version 3. +Unless specified otherwise, +key identifier extensions are included as described in \fBx509v3_config\fR\|(5). +.IP \fB\-x509v1\fR 4 +.IX Item "-x509v1" +Request generation of certificates with X.509 version 1. +This implies \fB\-x509\fR. +If X.509 extensions are given, anyway X.509 version 3 is set. .IP "\fB\-CA\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-CA filename|uri" Specifies the "CA" certificate to be used for signing a new certificate @@ -346,24 +362,20 @@ all extensions in the request are copied to the certificate. .Sp The main use of this option is to allow a certificate request to supply values for certain extensions such as subjectAltName. +.IP "\fB\-extensions\fR \fIsection\fR, \fB\-reqexts\fR \fIsection\fR" 4 +.IX Item "-extensions section, -reqexts section" +Can be used to override the name of the configuration file section +from which X.509 extensions are included +in the certificate (when \fB\-x509\fR is in use) or certificate request. +This allows several different sections to be used in the same configuration +file to specify requests for a variety of purposes. .IP "\fB\-addext\fR \fIext\fR" 4 .IX Item "-addext ext" Add a specific extension to the certificate (if \fB\-x509\fR is in use) or certificate request. The argument must have the form of -a key=value pair as it would appear in a config file. +a \f(CW\*(C`key=value\*(C'\fR pair as it would appear in a config file. .Sp This option can be given multiple times. -.IP "\fB\-extensions\fR \fIsection\fR" 4 -.IX Item "-extensions section" -.PD 0 -.IP "\fB\-reqexts\fR \fIsection\fR" 4 -.IX Item "-reqexts section" -.PD -These options specify alternative sections to include certificate -extensions (if \fB\-x509\fR is in use) or certificate request extensions. -This allows several different sections to -be used in the same configuration file to specify requests for -a variety of purposes. .IP \fB\-precert\fR 4 .IX Item "-precert" A poison extension will be added to the certificate, making it a @@ -396,6 +408,11 @@ Non-interactive mode. .IP \fB\-verbose\fR 4 .IX Item "-verbose" Print extra details about the operations being performed. +.IP \fB\-quiet\fR 4 +.IX Item "-quiet" +Print fewer details about the operations being performed, which may be +handy during batch scripts or pipelines (specifically "progress dots" +during key generation are suppressed). .IP "\fB\-keygen_engine\fR \fIid\fR" 4 .IX Item "-keygen_engine id" Specifies an engine (by its unique \fIid\fR string) which would be used @@ -786,9 +803,15 @@ has no effect. .PP The \fB\-engine\fR option was deprecated in OpenSSL 3.0. The <\-nodes> option was deprecated in OpenSSL 3.0, too; use \fB\-noenc\fR instead. +.PP +The \fB\-reqexts\fR option has been made an alias of \fB\-extensions\fR in OpenSSL 3.2. +.PP +Since OpenSSL 3.2, +generated certificates bear X.509 version 3 unless \fB\-x509v1\fR is given, +and key identifier extensions are included by default. .SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy |