Add '-ext' option to display extensions in 'x509'

[openssl.git] / doc / man1 / x509.pod

diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod
index 68fbf81f67263f6aa39771049253d8391f1689a0..0b7956048c0693ad581b6f9a169f1b69f2da2ae6 100644 (file)
--- a/doc/man1/x509.pod
+++ b/doc/man1/x509.pod
@@ -53,6 +53,7 @@ B<openssl> B<x509>
 [B<-CAserial filename>]
 [B<-force_pubkey key>]
 [B<-text>]
+[B<-ext extensions>]
 [B<-certopt option>]
 [B<-C>]
 [B<-[digest]>]
@@ -157,6 +158,12 @@ Prints out the certificate in text form. Full details are output including the
 public key, signature algorithms, issuer and subject names, serial number
 any extensions present and any trust settings.
 
+=item B<-ext extensions>
+
+Prints out the certificate extensions in text form. Extensions are specified
+with a comma separated string, e.g., "subjectAltName,subjectKeyIdentifier".
+See the L<x509v3_config(5)> manual page for the extension names.
+
 =item B<-certopt option>
 
 Customise the output format used with B<-text>. The B<option> argument
@@ -692,6 +699,14 @@ Display the contents of a certificate:
 
  openssl x509 -in cert.pem -noout -text
 
+Display the "Subject Alternative Name" extension of a certificate:
+
+ openssl x509 -in cert.pem -noout -ext subjectAltName
+
+Display the more extensions of a certificate:
+
+ openssl x509 -in cert.pem -noout -ext subjectAltName,nsCertType
+
 Display the certificate serial number:
 
  openssl x509 -in cert.pem -noout -serial