Doc fixes

[openssl.git] / doc / man1 / x509.pod

diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod
index b769829b77617f5df61595fe32f7ea4561ccdb86..a2cbd0dda56e6456c30783beada8d15fca07bf18 100644 (file)
--- a/doc/man1/x509.pod
+++ b/doc/man1/x509.pod
@@ -53,12 +53,15 @@ B<openssl> B<x509>
 [B<-CAserial filename>]
 [B<-force_pubkey key>]
 [B<-text>]
+[B<-ext extensions>]
 [B<-certopt option>]
 [B<-C>]
-[B<-[digest]>]
+[B<-I<digest>>]
 [B<-clrext>]
 [B<-extfile filename>]
 [B<-extensions section>]
+[B<-rand file...>]
+[B<-writerand file>]
 [B<-engine id>]
 [B<-preserve_dates>]
 
@@ -89,12 +92,12 @@ certificate but this can change if other options such as B<-req> are
 present. The DER format is the DER encoding of the certificate and PEM
 is the base64 encoding of the DER encoding with header and footer lines
 added. The NET option is an obscure Netscape server format that is now
-obsolete.
+obsolete. The default format is PEM.
 
 =item B<-outform DER|PEM|NET>
 
-This specifies the output format, the options have the same meaning as the
-B<-inform> option.
+This specifies the output format, the options have the same meaning and default
+as the B<-inform> option.
 
 =item B<-in filename>
 
@@ -106,7 +109,7 @@ if this option is not specified.
 This specifies the output filename to write to or standard output by
 default.
 
-=item B<-[digest]>
+=item B<-I<digest>>
 
 The digest to use.
 This affects any signing or display option that uses a message
@@ -115,6 +118,19 @@ Any digest supported by the OpenSSL B<dgst> command can be used.
 If not specified then SHA1 is used with B<-fingerprint> or
 the default digest for the signing algorithm is used, typically SHA256.
 
+=item B<-rand file...>
+
+A file or files containing random data used to seed the random number
+generator.
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
 =item B<-engine id>
 
 Specifying an engine (by its unique B<id> string) will cause B<x509>
@@ -142,6 +158,12 @@ Prints out the certificate in text form. Full details are output including the
 public key, signature algorithms, issuer and subject names, serial number
 any extensions present and any trust settings.
 
+=item B<-ext extensions>
+
+Prints out the certificate extensions in text form. Extensions are specified
+with a comma separated string, e.g., "subjectAltName,subjectKeyIdentifier".
+See the L<x509v3_config(5)> manual page for the extension names.
+
 =item B<-certopt option>
 
 Customise the output format used with B<-text>. The B<option> argument
@@ -187,12 +209,12 @@ Synonym for "-subject_hash" for backward compatibility reasons.
 =item B<-subject_hash_old>
 
 Outputs the "hash" of the certificate subject name using the older algorithm
-as used by OpenSSL versions before 1.0.0.
+as used by OpenSSL before version 1.0.0.
 
 =item B<-issuer_hash_old>
 
 Outputs the "hash" of the certificate issuer name using the older algorithm
-as used by OpenSSL versions before 1.0.0.
+as used by OpenSSL before version 1.0.0.
 
 =item B<-subject>
 
@@ -677,6 +699,14 @@ Display the contents of a certificate:
 
  openssl x509 -in cert.pem -noout -text
 
+Display the "Subject Alternative Name" extension of a certificate:
+
+ openssl x509 -in cert.pem -noout -ext subjectAltName
+
+Display more extensions of a certificate:
+
+ openssl x509 -in cert.pem -noout -ext subjectAltName,nsCertType
+
 Display the certificate serial number:
 
  openssl x509 -in cert.pem -noout -serial