=item B<-certopt option>
-customise the output format used with B<-text>. This option may be used more
-than once to set multiple options. See the B<OUTPUT OPTIONS> section for
-more information.
+customise the output format used with B<-text>. The B<option> argument can be
+a single option or multiple options separated by commas. The B<-certopt> switch
+may be also be used more than once to set multiple options. See the B<TEXT OPTIONS>
+section for more information.
=item B<-noout>
=item B<-nameopt option>
-option which determines how the subject or issuer names are displayed. This
-option may be used more than once to set multiple options. See the B<NAME
-OPTIONS> section for more information.
+option which determines how the subject or issuer names are displayed. The
+B<option> argument can be a single option or multiple options separated by
+commas. Alternatively the B<-nameopt> switch may be used more than once to
+set multiple options. See the B<NAME OPTIONS> section for more information.
=item B<-email>
".srl" appended. For example if the CA certificate file is called
"mycacert.pem" it expects to find a serial number file called "mycacert.srl".
-=item B<-CAcreateserial filename>
+=item B<-CAcreateserial>
with this option the CA serial number file is created if it does not exist:
it will contain the serial number "02" and the certificate being signed will
=item B<multiline>
a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>,
-B<spc_eq> and B<lname>.
+B<spc_eq>, B<lname> and B<align>.
=item B<esc_2253>
escape the "special" characters required by RFC2253 in a field That is
-B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginnging of a string
+B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginning of a string
and a space character at the beginning or end of a string.
=item B<esc_ctrl>
dump non character string types (for example OCTET STRING) if this
option is not set then non character string types will be displayed
-as though each content octet repesents a single character.
+as though each content octet represents a single character.
=item B<dump_all>
B<oid> represents the OID in numerical form and is useful for
diagnostic purpose.
+=item B<align>
+
+align field values for a more readable output. Only usable with
+B<sep_multiline>.
+
=item B<spc_eq>
places spaces round the B<=> character which follows the field
=back
-=head1 OUTPUT OPTIONS
+=head1 TEXT OPTIONS
As well as customising the name output format, it is also possible to
customise the actual fields printed using the B<certopt> options when
the B<text> option is present. The default behaviour is to print all fields.
+=over 4
+
=item B<compatible>
use the old format. This is equivalent to specifying no output options at all.
hex dump unsupported extensions.
-=over 4
+=item B<ca_default>
+
+the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>, B<no_header>,
+B<no_version>, B<no_sigdump> and B<no_signame>.
=back
Display the certificate subject name in oneline form on a terminal
supporting UTF8:
- openssl x509 -in cert.pem -noout -subject -nameopt oneline -nameopt -escmsb
+ openssl x509 -in cert.pem -noout -subject -nameopt oneline,-escmsb
Display the certificate MD5 fingerprint: