[B<-policy arg>]
[B<-keyfile arg>]
[B<-key arg>]
+[B<-passin arg>]
[B<-cert file>]
[B<-in file>]
[B<-out file>]
+[B<-notext>]
[B<-outdir dir>]
[B<-infiles>]
[B<-spkac file>]
systems the command line arguments are visible (e.g. Unix with
the 'ps' utility) this option should be used with caution.
+=item B<-passin arg>
+
+the key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
=item B<-verbose>
this prints extra details about the operations being performed.
+=item B<-notext>
+
+don't output the text form of a certificate to the output file.
+
=item B<-startdate date>
this allows the start date to be explicitly set. The format of the
=item B<RANDFILE>
-a file used to read and write random number seed information.
+a file used to read and write random number seed information, or
+an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
=item B<default_days>
Sign a certificate request:
-openssl ca -in req.pem -out newcert.pem
+ openssl ca -in req.pem -out newcert.pem
+
+Sign a certificate request, using CA extensions:
+
+ openssl ca -in req.pem -extensions v3_ca -out newcert.pem
Generate a CRL
-openssl ca -gencrl -out crl.pem
+ openssl ca -gencrl -out crl.pem
Sign several requests:
-openssl ca -infiles req1.pem req2.pem req3.pem
+ openssl ca -infiles req1.pem req2.pem req3.pem
Certify a Netscape SPKAC:
-openssl ca -spkac spkac.txt
+ openssl ca -spkac spkac.txt
A sample SPKAC file (the SPKAC line has been truncated for clarity):
=head1 SEE ALSO
-req(1), spkac(1), x509(1), CA.pl(1), config(5)
+L<req(1)|req(1)>, L<spkac(1)|spkac(1)>, L<x509(1)|x509(1)>, L<CA.pl(1)|CA.pl(1)>,
+L<config(5)|config(5)>
=cut