- "Cert extension section (override value in config file)"},
- {"reqexts", OPT_REQEXTS, 's',
- "Request extension section (override value in config file)"},
- {"precert", OPT_PRECERT, '-', "Add a poison extension (implies -new)"},
+ "Cert or request extension section (override value in config file)"},
+ {"reqexts", OPT_REQEXTS, 's', "An alias for -extensions"},
+ {"addext", OPT_ADDEXT, 's',
+ "Additional cert extension key=value pair (may be given more than once)"},
+ {"precert", OPT_PRECERT, '-', "Add a poison extension to generated cert (implies -new)"},
+
+ OPT_SECTION("Keys and Signing"),
+ {"key", OPT_KEY, 's', "Key for signing, and to include unless -in given"},
+ {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"},
+ {"pubkey", OPT_PUBKEY, '-', "Output public key"},
+ {"keyout", OPT_KEYOUT, '>', "File to write private key to"},
+ {"passin", OPT_PASSIN, 's', "Private key and certificate password source"},
+ {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+ {"newkey", OPT_NEWKEY, 's',
+ "Generate new key with [<alg>:]<nbits> or <alg>[:<file>] or param:<file>"},
+ {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
+ {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+ {"vfyopt", OPT_VFYOPT, 's', "Verification parameter in n:v form"},