[B<-help>]
[B<-inform> B<DER>|B<PEM>]
[B<-outform> B<DER>|B<PEM>]
-[B<-keyform> B<DER>|B<PEM>|B<ENGINE>]
-[B<-CAform> B<DER>|B<PEM>]
-[B<-CAkeyform> B<DER>|B<PEM>|B<ENGINE>]
+[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
+[B<-CAform> B<DER>|B<PEM>|B<P12>]
+[B<-CAkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-serial>]
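Review bot: Listing B<P12> in the synopsis for B<-keyform>, B<-CAform> and B<-CAkeyform> is misleading when the descriptions added further down in this patch say that every value except B<ENGINE> is obsolete and that B<-CAform> has no effect. A reader scanning the synopsis will assume the value selects PKCS#12 handling. Either leave the synopsis value lists as they were, or make the option text say explicitly why B<P12> is accepted although it is ignored.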
Print out a usage message.
-=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM>
+=item B<-inform> B<DER>|B<PEM>
-The input and formats; the default is B<PEM>.
+The CSR input format; the default is B<PEM>.
See L<openssl(1)/Format Options> for details.
-The input is normally an X.509 certificate, but this can change if other
-options such as B<-req> are used.
+The input is normally an X.509 certificate file of any format,
+but this can change if other options such as B<-req> are used.
+
+B<-outform> B<DER>|B<PEM>
+
+The output format; the default is B<PEM>.
+See L<openssl(1)/Format Options> for details.
=item B<-in> I<filename>
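Review bot: The added line "B<-outform> B<DER>|B<PEM>" is missing its "=item" prefix, so POD will render it as a plain paragraph inside the B<-inform> entry instead of as a separate option; it should read "=item B<-outform> B<DER>|B<PEM>". In the same entry, "The CSR input format" sits directly above the statement that the input is normally an X.509 certificate, so the B<-inform> text should say when the option applies (the B<-req> case mentioned in the next sentence).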
=item B<-signkey> I<arg>
This option causes the input file to be self signed using the supplied
-private key or engine. The private key's format is specified with the
-B<-keyform> option.
+private key or engine.
It sets the issuer name to the subject name (i.e., makes it self-issued)
and changes the public key to the supplied value (unless overridden by
the B<-signkey> or the B<-CA> options). Normally all extensions are
retained.
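Review bot: With the B<-keyform> sentence removed, the B<-signkey> description still says "private key or engine" but no longer tells the reader how an engine key is selected. Since B<-keyform> B<ENGINE> is documented below as the one value that still has effect, keep a short pointer to it here rather than deleting the reference entirely.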
-=item B<-keyform> B<DER>|B<PEM>|B<ENGINE>
+=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
The key format; the default is B<PEM>.
+The only value with effect is B<ENGINE>; all others have become obsolete.
See L<openssl(1)/Format Options> for details.
-=item B<-CAform> B<DER>|B<PEM>, B<-CAkeyform> B<DER>|B<PEM>|B<ENGINE>
+=item B<-CAform> B<DER>|B<PEM>|B<P12>,
+
+The format for the CA certificate.
+This option has no effect and is retained for backward compatibility.
-The format for the CA certificate and key; the default is B<PEM>.
+=item B<-CAkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
+
+The format for the CA key; the default is B<PEM>.
+The only value with effect is B<ENGINE>; all others have become obsolete.
See L<openssl(1)/Format Options> for details.
=item B<-days> I<arg>
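Review bot: The new heading "=item B<-CAform> B<DER>|B<PEM>|B<P12>," keeps the trailing comma from the old combined heading; remove it now that B<-CAkeyform> has its own item. In the B<-keyform> and B<-CAkeyform> entries, "the default is B<PEM>" followed by "The only value with effect is B<ENGINE>" reads as a contradiction; drop the default wording or state what happens when the option is omitted.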
It can also be used in conjunction with b<-new> and B<-subj> to directly
generate a certificate containing any desired public key.
-The format of the key file can be specified using the B<-keyform> option.
-
=item B<-subj> I<arg>
When a certificate is created set its subject name to the given value.
version of the DN using SHA1. This means that any directories using the old
form must have their links rebuilt using L<openssl-rehash(1)> or similar.
+All B<-keyform> and B<-CAkeyform> values except B<ENGINE>
+have become obsolete in OpenSSL 3.0.0 and have no effect.
+
+The B<-CAform> option has become obsolete in OpenSSL 3.0.0 and has no effect.
+
=head1 COPYRIGHT
Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.