=head1 NAME
+openssl-ca,
ca - sample minimal CA application
=head1 SYNOPSIS
[B<-subj arg>]
[B<-utf8>]
[B<-create_serial>]
+[B<-rand_serial>]
[B<-multivalue-rdn>]
[B<-rand file...>]
[B<-writerand file>]
If reading serial from the text file as specified in the configuration
fails, specifying this option creates a new random serial to be used as next
serial number.
+To get random serial numbers, use the B<-rand_serial> flag instead; this
+should only be used for simple error-recovery.
+
+=item B<-rand_serial>
+
+Generate a large random number to use as the serial number.
+This overrides any option or configuration to use a serial number file.
=item B<-multivalue-rdn>
it's recommended to use the value B<no>, especially if combined with
the B<-selfsign> command line option.
+Note that it is valid in some circumstances for certificates to be created
+without any subject. In the case where there are multiple certificates without
+subjects this does not count as a duplicate.
+
=item B<serial>
A text file containing the next serial number to use in hex. Mandatory.
certificate = $dir/cacert.pem # The CA cert
serial = $dir/serial # serial no file
+ #rand_serial = yes # for random serial#'s
private_key = $dir/private/cakey.pem# CA private key
RANDFILE = $dir/private/.rand # random number file
=head1 COPYRIGHT
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy