- {"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the key to put inside certificate"},
- {"subj", OPT_SUBJ, 's', "Set or override certificate subject (and issuer)"},
-
- OPT_SECTION("CA"),
- {"CA", OPT_CA, '<', "Set the CA certificate, must be PEM format"},
- {"CAkey", OPT_CAKEY, 's',
- "The CA key, must be PEM format; if not in CAfile"},
- {"extfile", OPT_EXTFILE, '<', "File with X509V3 extensions to add"},
- OPT_R_OPTIONS,
- {"CAform", OPT_CAFORM, 'F', "CA format - default PEM"},
- {"CAkeyform", OPT_CAKEYFORM, 'f', "CA key format - default PEM"},
- {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+
+ OPT_SECTION("Certificate output"),
+ {"set_serial", OPT_SET_SERIAL, 's',
+ "Serial number to use, overrides -CAserial"},
+ {"next_serial", OPT_NEXT_SERIAL, '-',
+ "Increment current certificate serial number"},
+ {"not_before", OPT_NOT_BEFORE, 's',
+ "[CC]YYMMDDHHMMSSZ value for notBefore certificate field"},
+ {"not_after", OPT_NOT_AFTER, 's',
+ "[CC]YYMMDDHHMMSSZ value for notAfter certificate field, overrides -days"},
+ {"days", OPT_DAYS, 'n',
+ "Number of days until newly generated certificate expires - default 30"},
+ {"preserve_dates", OPT_PRESERVE_DATES, '-',
+ "Preserve existing validity dates"},
+ {"set_issuer", OPT_ISSU, 's', "Set or override certificate issuer"},
+ {"set_subject", OPT_SUBJ, 's', "Set or override certificate subject (and issuer)"},
+ {"subj", OPT_SUBJ, 's', "Alias for -set_subject"},
+ {"force_pubkey", OPT_FORCE_PUBKEY, '<',
+ "Key to be placed in new certificate or certificate request"},
+ {"clrext", OPT_CLREXT, '-',
+ "Do not take over any extensions from the source certificate or request"},
+ {"extfile", OPT_EXTFILE, '<', "Config file with X509V3 extensions to add"},
+ {"extensions", OPT_EXTENSIONS, 's',
+ "Section of extfile to use - default: unnamed section"},
+ {"sigopt", OPT_SIGOPT, 's', "Signature parameter, in n:v form"},
+ {"badsig", OPT_BADSIG, '-',
+ "Corrupt last byte of certificate signature (for test)"},
+ {"", OPT_MD, '-', "Any supported digest, used for signing and printing"},
+
+ OPT_SECTION("Micro-CA"),
+ {"CA", OPT_CA, '<',
+ "Use the given CA certificate, conflicts with -key"},
+ {"CAform", OPT_CAFORM, 'F', "CA cert format (PEM/DER/P12); has no effect"},
+ {"CAkey", OPT_CAKEY, 's', "The corresponding CA key; default is -CA arg"},
+ {"CAkeyform", OPT_CAKEYFORM, 'E',
+ "CA key format (ENGINE, other values ignored)"},
+ {"CAserial", OPT_CASERIAL, 's',
+ "File that keeps track of CA-generated serial number"},