=pod =head1 NAME x509 - Certificate display and signing utility =head1 SYNOPSIS B B [B<-inform DER|PEM|NET>] [B<-outform DER|PEM|NET>] [B<-keyform DER|PEM>] [B<-CAform DER|PEM>] [B<-CAkeyform DER|PEM>] [B<-in filename>] [B<-out filename>] [B<-serial>] [B<-hash>] [B<-subject_hash>] [B<-issuer_hash>] [B<-ocspid>] [B<-subject>] [B<-issuer>] [B<-nameopt option>] [B<-email>] [B<-ocsp_uri>] [B<-startdate>] [B<-enddate>] [B<-purpose>] [B<-dates>] [B<-checkend num>] [B<-modulus>] [B<-fingerprint>] [B<-alias>] [B<-noout>] [B<-trustout>] [B<-clrtrust>] [B<-clrreject>] [B<-addtrust arg>] [B<-addreject arg>] [B<-setalias arg>] [B<-days arg>] [B<-set_serial n>] [B<-signkey filename>] [B<-passin arg>] [B<-x509toreq>] [B<-req>] [B<-CA filename>] [B<-CAkey filename>] [B<-CAcreateserial>] [B<-CAserial filename>] [B<-text>] [B<-certopt option>] [B<-C>] [B<-md2|-md5|-sha1|-mdc2>] [B<-clrext>] [B<-extfile filename>] [B<-extensions section>] [B<-engine id>] =head1 DESCRIPTION The B command is a multi purpose certificate utility. It can be used to display certificate information, convert certificates to various forms, sign certificate requests like a "mini CA" or edit certificate trust settings. Since there are a large number of options they will split up into various sections. =head1 OPTIONS =head2 INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS =over 4 =item B<-inform DER|PEM|NET> This specifies the input format normally the command will expect an X509 certificate but this can change if other options such as B<-req> are present. The DER format is the DER encoding of the certificate and PEM is the base64 encoding of the DER encoding with header and footer lines added. The NET option is an obscure Netscape server format that is now obsolete. =item B<-outform DER|PEM|NET> This specifies the output format, the options have the same meaning as the B<-inform> option. =item B<-in filename> This specifies the input filename to read a certificate from or standard input if this option is not specified. =item B<-out filename> This specifies the output filename to write to or standard output by default. =item B<-md2|-md5|-sha1|-mdc2> the digest to use. This affects any signing or display option that uses a message digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not specified then SHA1 is used. If the key being used to sign with is a DSA key then this option has no effect: SHA1 is always used with DSA keys. =item B<-engine id> specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. =back =head2 DISPLAY OPTIONS Note: the B<-alias> and B<-purpose> options are also display options but are described in the B section. =over 4 =item B<-text> prints out the certificate in text form. Full details are output including the public key, signature algorithms, issuer and subject names, serial number any extensions present and any trust settings. =item B<-certopt option> customise the output format used with B<-text>. The B