[B<-extfile> I<filename>]
[B<-extensions> I<section>]
[B<-sigopt> I<nm>:I<v>]
-[B<-rand> I<file...>]
+[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-engine> I<id>]
[B<-preserve_dates>]
If not specified then SHA1 is used with B<-fingerprint> or
the default digest for the signing algorithm is used, typically SHA256.
-=item B<-rand> I<file...>
+=item B<-rand> I<files>
-A file or files containing random data used to seed the random number
-generator.
+The files containing random data used to seed the random number generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
=item B<-engine> I<id>
-Specifying an engine (by its unique B<id> string) will cause B<x509>
+Specifying an engine (by its unique I<id> string) will cause B<x509>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-certopt> I<option>
-Customise the output format used with B<-text>. The B<option> argument
+Customise the output format used with B<-text>. The I<option> argument
can be a single option or multiple options separated by commas. The
B<-certopt> switch may be also be used more than once to set multiple
options. See the B<TEXT OPTIONS> section for more information.
=item B<-nameopt> I<option>
Option which determines how the subject or issuer names are displayed. The
-B<option> argument can be a single option or multiple options separated by
+I<option> argument can be a single option or multiple options separated by
commas. Alternatively the B<-nameopt> switch may be used more than once to
set multiple options. See the B<NAME OPTIONS> section for more information.
=item B<-checkend> I<arg>
-Checks if the certificate expires within the next B<arg> seconds and exits
+Checks if the certificate expires within the next I<arg> seconds and exits
nonzero if yes it will expire or zero if not.
=item B<-fingerprint>
=item B<-passin> I<arg>
-The key password source. For more information about the format of B<arg>
+The key password source. For more information about the format of I<arg>
see L<openssl(1)/Pass phrase options>.
=item B<-clrext>
=item B<-force_pubkey> I<filename>
-When a certificate is created set its public key to the key in B<filename>
+When a certificate is created set its public key to the key in I<filename>
instead of the key contained in the input or given with the B<-signkey> option.
This option is useful for creating self-issued certificates that are not
=head2 Name Options
-The B<nameopt> command line switch determines how the subject and issuer
-names are displayed. If no B<nameopt> switch is present the default "oneline"
+The B<-nameopt> command line switch determines how the subject and issuer
+names are displayed. If no B<-nameopt> switch is present the default "oneline"
format is used which is compatible with previous versions of OpenSSL.
Each option is described in detail below, all options can be preceded by
a B<-> to turn the option off. Only the first four will normally be used.