Browse Source

openssl-x509.pod.in: Reflect better that -signkey is an alias for -key option

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16440)
Dr. David von Oheimb 2 years ago
parent
commit
cc0d1b03a9
1 changed files with 10 additions and 8 deletions
  1. 10 8
      doc/man1/openssl-x509.pod.in

+ 10 - 8
doc/man1/openssl-x509.pod.in

@@ -120,14 +120,14 @@ Generate a certificate from scratch, not using an input certificate
 or certificate request. So the B<-in> option must not be used in this case.
 Instead, the B<-subj> option needs to be given.
 The public key to include can be given with the B<-force_pubkey> option
-and defaults to the key given with the B<-key> option,
+and defaults to the key given with the B<-key> (or B<-signkey>) option,
 which implies self-signature.
 
 =item B<-x509toreq>
 
 Output a PKCS#10 certificate request (rather than a certificate).
-The B<-key> option must be used to provide the private key for self-signing;
-the corresponding public key is placed in the subjectPKInfo field.
+The B<-key> (or B<-signkey>) option must be used to provide the private key for
+self-signing; the corresponding public key is placed in the subjectPKInfo field.
 
 X.509 extensions included in a certificate input are not copied by default.
 X.509 extensions to be added can be specified using the B<-extfile> option.
@@ -360,8 +360,9 @@ Check that the certificate matches the specified IP address.
 
 =item B<-set_serial> I<n>
 
-Specifies the serial number to use. This option can be used with either
-the B<-key> or B<-CA> options. If used in conjunction with the B<-CA> option
+Specifies the serial number to use.
+This option can be used with the B<-key>, B<-signkey>, or B<-CA> options.
+If used in conjunction with the B<-CA> option
 the serial number file (as specified by the B<-CAserial> option) is not used.
 
 The serial number can be decimal or hex (if preceded by C<0x>).
@@ -405,7 +406,8 @@ or certificate request.
 =item B<-force_pubkey> I<filename>
 
 When a certificate is created set its public key to the key in I<filename>
-instead of the key contained in the input or given with the B<-key> option.
+instead of the key contained in the input
+or given with the B<-key> (or B<-signkey>) option.
 
 This option is useful for creating self-issued certificates that are not
 self-signed, for instance when the key cannot be used for signing, such as DH.
@@ -451,7 +453,7 @@ for testing.
 
 The digest to use.
 This affects any signing or printing option that uses a message
-digest, such as the B<-fingerprint>, B<-key> and B<-CA> options.
+digest, such as the B<-fingerprint>, B<-key>, and B<-CA> options.
 Any digest supported by the L<openssl-dgst(1)> command can be used.
 If not specified then SHA1 is used with B<-fingerprint> or
 the default digest for the signing algorithm is used, typically SHA256.
@@ -469,7 +471,7 @@ When present, this behaves like a "micro CA" as follows:
 The subject name of the "CA" certificate is placed as issuer name in the new
 certificate, which is then signed using the "CA" key given as detailed below.
 
-This option cannot be used in conjunction with the B<-key> option.
+This option cannot be used in conjunction with B<-key> (or B<-signkey>).
 This option is normally combined with the B<-req> option referencing a CSR.
 Without the B<-req> option the input must be an existing certificate
 unless the B<-new> option is given, which generates a certificate from scratch.