=head1 NAME
-req - PKCS#10 certificate and certificate generating utility.
+req - PKCS#10 certificate request and certificate generating utility.
=head1 SYNOPSIS
[B<-verify>]
[B<-modulus>]
[B<-new>]
+[B<-rand file(s)>]
[B<-newkey rsa:bits>]
[B<-newkey dsa:file>]
[B<-nodes>]
[B<-keyout filename>]
[B<-[md5|sha1|md2|mdc2]>]
[B<-config filename>]
+[B<-subj arg>]
[B<-x509>]
[B<-days n>]
+[B<-set_serial n>]
[B<-asn1-kludge>]
[B<-newhdr>]
[B<-extensions section>]
[B<-reqexts section>]
+[B<-batch>]
+[B<-verbose>]
=head1 DESCRIPTION
If the B<-key> option is not used it will generate a new RSA private
key using information specified in the configuration file.
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
=item B<-newkey arg>
this option creates a new certificate request and a new private
this overrides the compile time filename or any specified in
the B<OPENSSL_CONF> environment variable.
+=item B<-subj arg>
+
+sets subject name for new request or supersedes the subject name
+when processing a request.
+
=item B<-x509>
this option outputs a self signed certificate instead of a certificate
request. This is typically used to generate a test certificate or
a self signed root CA. The extensions added to the certificate
-(if any) are specified in the configuration file.
+(if any) are specified in the configuration file. Unless specified
+using the B<set_serial> option B<0> will be used for the serial
+number.
=item B<-days n>
when the B<-x509> option is being used this specifies the number of
days to certify the certificate for. The default is 30 days.
+=item B<-set_serial n>
+
+serial number to use when outputting a self signed certifcate. This
+may be specified as a decimal value or a hex value if preceded by B<0x>.
+It is possible to use negative serial numbers but this is not recommended.
+
=item B<-extensions section>
=item B<-reqexts section>
Adds the word B<NEW> to the PEM file header and footer lines on the outputed
request. Some software (Netscape certificate server) and some CAs need this.
+=item B<-batch>
+
+non-interactive mode.
+
+=item B<-verbose>
+
+print extra details about the operations being performed.
+
=back
=head1 CONFIGURATION FILE FORMAT