Add '-ext' option to display extensions in 'x509'

[openssl.git] / doc / man1 / x509.pod

diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod
index 68fbf81f67263f6aa39771049253d8391f1689a0..0b7956048c0693ad581b6f9a169f1b69f2da2ae6 100644 (file)
--- a/doc/man1/x509.pod
+++ b/doc/man1/x509.pod
@@ -53,6 +53,7 @@ B<openssl> B<x509>
 [B<-CAserial filename>]
 [B<-force_pubkey key>]
 [B<-text>]
 [B<-CAserial filename>]
 [B<-force_pubkey key>]
 [B<-text>]

+[B<-ext extensions>]

 [B<-certopt option>]
 [B<-C>]
 [B<-[digest]>]
 [B<-certopt option>]
 [B<-C>]
 [B<-[digest]>]


@@ -157,6 +158,12 @@ Prints out the certificate in text form. Full details are output including the
 public key, signature algorithms, issuer and subject names, serial number
 any extensions present and any trust settings.
 
 public key, signature algorithms, issuer and subject names, serial number
 any extensions present and any trust settings.
 

+=item B<-ext extensions>
+
+Prints out the certificate extensions in text form. Extensions are specified
+with a comma separated string, e.g., "subjectAltName,subjectKeyIdentifier".
+See the L<x509v3_config(5)> manual page for the extension names.
+

 =item B<-certopt option>
 
 Customise the output format used with B<-text>. The B<option> argument
 =item B<-certopt option>
 
 Customise the output format used with B<-text>. The B<option> argument


@@ -692,6 +699,14 @@ Display the contents of a certificate:
 
  openssl x509 -in cert.pem -noout -text
 
 
  openssl x509 -in cert.pem -noout -text
 

+Display the "Subject Alternative Name" extension of a certificate:
+
+ openssl x509 -in cert.pem -noout -ext subjectAltName
+
+Display the more extensions of a certificate:
+
+ openssl x509 -in cert.pem -noout -ext subjectAltName,nsCertType
+

 Display the certificate serial number:
 
  openssl x509 -in cert.pem -noout -serial
 Display the certificate serial number:
 
  openssl x509 -in cert.pem -noout -serial