X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=doc%2Fman1%2Freq.pod;h=db467bba17f0447f88b19d11f579f35a1f4518ae;hp=aec2ada807975ed8939a82b018347004d8c71947;hb=bfa470a4f64313651a35571883e235d3335054eb;hpb=7477c83e150ace0df91df92bc935ccaebddf8dd8 diff --git a/doc/man1/req.pod b/doc/man1/req.pod index aec2ada807..db467bba17 100644 --- a/doc/man1/req.pod +++ b/doc/man1/req.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-req, req - PKCS#10 certificate request and certificate generating utility =head1 SYNOPSIS @@ -29,13 +30,14 @@ B B [B<-keyform PEM|DER>] [B<-keyout filename>] [B<-keygen_engine id>] -[B<-[digest]>] +[B<-I>] [B<-config filename>] [B<-multivalue-rdn>] [B<-x509>] [B<-days n>] [B<-set_serial n>] [B<-newhdr>] +[B<-addext ext>] [B<-extensions section>] [B<-reqexts section>] [B<-precert>] @@ -198,7 +200,7 @@ configuration file is used. If this option is specified then if a private key is created it will not be encrypted. -=item B<-[digest]> +=item B<-I> This specifies the message digest to sign the request. Any digest supported by the OpenSSL B command can be used. @@ -246,13 +248,22 @@ to the self signed certificate otherwise new request is created. =item B<-days n> When the B<-x509> option is being used this specifies the number of -days to certify the certificate for. The default is 30 days. +days to certify the certificate for, otherwise it is ignored. B should +be a positive integer. The default is 30 days. =item B<-set_serial n> Serial number to use when outputting a self signed certificate. This may be specified as a decimal value or a hex value if preceded by B<0x>. +=item B<-addext ext> + +Add a specific extension to the certificate (if the B<-x509> option is +present) or certificate request. The argument must have the form of +a key=value pair as it would appear in a config file. + +This option can be given multiple times. + =item B<-extensions section> =item B<-reqexts section> @@ -589,6 +600,14 @@ Sample configuration containing all field values: [ req_attributes ] challengePassword = A challenge password +Example of giving the most common attributes (subject and extensions) +on the command line: + + openssl req -new -subj "/C=GB/CN=foo" \ + -addext "subjectAltName = DNS:foo.co.uk" \ + -addext "certificatePolicies = 1.2.3.4" \ + -newkey rsa:2048 -keyout key.pem -out req.pem + =head1 NOTES