=head1 NAME
-openssl - OpenSSL command line tool
+openssl - OpenSSL command line program
=head1 SYNOPSIS
v2/v3) and Transport Layer Security (TLS v1) network protocols and related
cryptography standards required by them.
-The B<openssl> program is a command line tool for using the various
+The B<openssl> program is a command line program for using the various
cryptography functions of OpenSSL's B<crypto> library from the shell.
It can be used for
=item B<cms>
-CMS (Cryptographic Message Syntax) utility.
+CMS (Cryptographic Message Syntax) command.
=item B<crl>
=item B<ocsp>
-Online Certificate Status Protocol utility.
+Online Certificate Status Protocol command.
=item B<passwd>
=item B<pkcs8>
-PKCS#8 format private key conversion tool.
+PKCS#8 format private key conversion command.
=item B<pkey>
=item B<pkeyutl>
-Public key algorithm cryptographic operation utility.
+Public key algorithm cryptographic operation command.
=item B<prime>
=item B<rsautl>
-RSA utility for signing, verification, encryption, and decryption. Superseded
+RSA command for signing, verification, encryption, and decryption. Superseded
by L<openssl-pkeyutl(1)>.
=item B<s_client>
=item B<spkac>
-SPKAC printing and generating utility.
+SPKAC printing and generating command.
=item B<srp>
=item B<storeutl>
-Utility to list and display certificates, keys, CRLs, etc.
+Command to list and display certificates, keys, CRLs, etc.
=item B<ts>
-Time Stamping Authority tool (client/server).
+Time Stamping Authority command.
=item B<verify>
=head2 Random State Options
-Prior to OpenSSL 3.0, it was common for applications to store information
+Prior to OpenSSL 1.1.1, it was common for applications to store information
about the state of the random-number generator in a file that was loaded
at startup and rewritten upon exit. On modern operating systems, this is
-generally no longer necessary as OpenSSL will seed itself from the
-appropriate CPU flags, device files, and so on. These flags are still
+generally no longer necessary as OpenSSL will seed itself from a trusted
+entropy source provided by the operating system. These flags are still
supported for special platforms or circumstances that might require them.
It is generally an error to use the same seed file more than once and
Parse I<file> as a set of one or more certificates in PEM format.
All certificates must be self-signed, unless the
B<-partial_chain> option is specified.
-This option implies the B<-no-CAfile> and B<-no-CApath> options and it
-cannot be used with either the B<-CAfile> or B<-CApath> options, so
+This option implies the B<-no-CAfile>, B<-no-CApath>, and B<-no-CAstore> options
+and it cannot be used with the B<-CAfile>, B<-CApath> or B<-CAstore> options, so
only certificates in the file are trust anchors.
This option may be used multiple times.