[B<-help>]
[B<-newcert>]
[B<-newreq>]
+[B<-newreq-nodes>]
[B<-newca>]
[B<-xsign>]
[B<-sign>]
=item B<-newcert>
-creates a new self signed certificate. The private key and certificate are
-written to the file "newreq.pem".
+creates a new self signed certificate. The private key is written to the file
+"newkey.pem" and the request written to the file "newreq.pem".
=item B<-newreq>
-creates a new certificate request. The private key and request are
-written to the file "newreq.pem".
+creates a new certificate request. The private key is written to the file
+"newkey.pem" and the request written to the file "newreq.pem".
+
+=item B<-newreq-nodes>
+
+is like B<-newreq> except that the private key will not be encrypted.
=item B<-newca>
"newcert.pem" except in the case of the B<-xsign> option when it is written
to standard output.
+
+=item B<-signCA>
+
+this option is the same as the B<-signreq> option except it uses the configuration
+file section B<v3_ca> and so makes the signed request a valid CA certificate. This
+is useful when creating intermediate CA from a root CA.
+
=item B<-signcert>
this option is the same as B<-sign> except it expects a self signed certificate