X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=doc%2Fapps%2Fca.pod;h=f50fe9c8ed6fcb12c336aa51c8dc563e12e03232;hp=c2ca8f2400df0009359f269d8f6804c56ef63a3b;hb=d618f703ec18f1012a096a110637f8769d1e6cb3;hpb=896e4fef30ab773fd06f531276ac954992d11657 diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index c2ca8f2400..f50fe9c8ed 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -13,6 +13,10 @@ B B [B<-name section>] [B<-gencrl>] [B<-revoke file>] +[B<-crl_reason reason>] +[B<-crl_hold instruction>] +[B<-crl_compromise time>] +[B<-crl_CA_compromise time>] [B<-subj arg>] [B<-crldays days>] [B<-crlhours hours>] @@ -74,7 +78,7 @@ a single self signed certificate to be signed by the CA. =item B<-spkac filename> a file containing a single Netscape signed public key and challenge -and additional field values to be signed by the CA. See the B +and additional field values to be signed by the CA. See the B section for information on the required format. =item B<-infiles> @@ -214,6 +218,33 @@ the number of hours before the next CRL is due. a filename containing a certificate to revoke. +=item B<-crl_reason reason> + +revocation reason, where B is one of: B, B, +B, B, B, B, +B or B. The matching of B is case +insensitive. Setting any revocation reason will make the CRL v2. + +In practive B is not particularly useful because it is only used +in delta CRLs which are not currently implemented. + +=item B<-crl_hold instruction> + +This sets the CRL revocation reason code to B and the hold +instruction to B which must be an OID. Although any OID can be +used only B (the use of which is discouraged by RFC2459) +B or B will normally be used. + +=item B<-crl_compromise time> + +This sets the revocation reason to B and the compromise time to +B