openssl ca -help
-
Certificate Authority (CA) Management.
$ openssl ca -help Usage: ca [options] Valid options are: -help Display this summary -verbose Verbose output during processing -config val A config file -name val The particular CA definition to use -subj val Use arg instead of request's subject -utf8 Input characters are UTF8 (default ASCII) -create_serial If reading serial fails, create a new random serial -rand_serial Always create a random serial; do not store it -multivalue-rdn Enable support for multivalued RDNs -startdate val Cert notBefore, YYMMDDHHMMSSZ -enddate val YYMMDDHHMMSSZ cert notAfter (overrides -days) -days +int Number of days to certify the cert for -md val md to use; one of md2, md5, sha or sha1 -policy val The CA 'policy' to support -keyfile val Private key -keyform format Private key file format (PEM or ENGINE) -passin val Input file pass phrase source -key val Key to decode the private key if it is encrypted -cert infile The CA cert -selfsign Sign a cert with the key associated with it -in infile The input PEM encoded cert request(s) -out outfile Where to put the output file(s) -outdir dir Where to put output cert -sigopt val Signature parameter in n:v form -notext Do not print the generated certificate -batch Don't ask questions -preserveDN Don't re-order the DN -noemailDN Don't add the EMAIL field to the DN -gencrl Generate a new CRL -msie_hack msie modifications to handle all those universal strings -crldays +int Days until the next CRL is due -crlhours +int Hours until the next CRL is due -crlsec +int Seconds until the next CRL is due -infiles The last argument, requests to process -ss_cert infile File contains a self signed cert to sign -spkac infile File contains DN and signed public key and challenge -revoke infile Revoke a cert (given in file) -valid val Add a Valid(not-revoked) DB entry about a cert (given in file) -extensions val Extension section (override value in config file) -extfile infile Configuration file with X509v3 extensions to add -status val Shows cert status given the serial number -updatedb Updates db for expired cert -crlexts val CRL extension section (override value in config file) -crl_reason val revocation reason -crl_hold val the hold instruction, an OID. Sets revocation reason to certificateHold -crl_compromise val sets compromise time to val and the revocation reason to keyCompromise -crl_CA_compromise val sets compromise time to val and the revocation reason to CACompromise -rand val Load the file(s) into the random number generator -writerand outfile Write random data to the specified file -engine val Use engine, possibly a hardware device
© Lightnetics 2024