[B<-keypbe>]
[B<-keyex>]
[B<-keysig>]
-[B<-password password>]
-[B<-envpass var>]
-[B<-passin password>]
-[B<-envpassin var>]
-[B<-passout password>]
-[B<-envpassout var>]
+[B<-password arg>]
+[B<-passin arg>]
+[B<-passout arg>]
[B<-rand file(s)>]
=head1 DESCRIPTION
The filename to write certificates and private keys to, standard output by default.
They are all written in PEM format.
-=item B<-pass password>, B<-passin password>
+=item B<-pass arg>, B<-passin arg>
-the PKCS#12 file (i.e. input file) password. Since certain utilities like "ps" make
-the command line visible this option should be used with caution.
+the PKCS#12 file (i.e. input file) password source. For more information about the
+format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+L<openssl(1)|openssl(1)>.
-=item B<-envpass var>, B<-envpassin password>
+=item B<-passout arg>
-read the PKCS#12 file password from the environment variable B<var>.
-
-=item B<-passout password>
-
-pass phrase to encrypt any outputed private keys with. Since certain utilities like
-"ps" make the command line visible this option should be used with caution.
-
-=item B<-envpass var>, B<-envpassin password>
-
-read the outputed private keys file password from the environment variable B<var>.
+pass phrase source to encrypt any outputed private keys with. For more information
+about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+L<openssl(1)|openssl(1)>.
=item B<-noout>
appear. Netscape ignores friendly names on other certificates whereas MSIE
displays them.
-=item B<-pass password>, B<-passout password>
+=item B<-pass arg>, B<-passout arg>
-the PKCS#12 file (i.e. output file) password. Since certain utilities like "ps"
-make the command line visible this option should be used with caution.
-
-=item B<-envpass var>, B<-envpassout var>
-
-read the PKCS#12 file password from the environment variable B<var>.
+the PKCS#12 file (i.e. output file) password source. For more information about
+the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+L<openssl(1)|openssl(1)>.
=item B<-passin password>
-pass phrase to decrypt the input private key with. Since certain utilities like
-"ps" make the command line visible this option should be used with caution.
-
-=item B<-envpassin password>
-
-read the input private key file password from the environment variable B<var>.
+pass phrase source to decrypt any input private keys with. For more information
+about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+L<openssl(1)|openssl(1)>.
=item B<-chain>
=item B<-rand file(s)>
a file or files containing random data used to seed the random number
-generator. Multiple files can be specified separated by a OS-dependent
-character. For MS-Windows, the separator is B<;>. For OpenVMS, it's
-B<,>. For all others, it's B<:>.
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
=back