152 This option prevents output of the encoded version of the certificate request.
161 the program will immediately exit, i.e. further option processing
166 This option generates a new certificate request. It will prompt
171 If the B<-key> option is not given it will generate a new private key
178 This option is used to generate a new private key unless B<-key> is given.
179 It is subsequently used as if it was given using the B<-key> option.
181 This option implies the B<-new> flag to create a new certificate request
189 with the B<default_bits> option is used if present, else 2048.
202 any necessary parameters should be specified via the B<-pkeyopt> option.
213 Set the public key algorithm option I<opt> to I<value>. The precise set of
220 This option provides the private key for signing a new certificate or
225 For certificate signing this option is overridden by the B<-CA> option.
227 This option also accepts PKCS#8 format private keys for PEM format files.
237 or read from B<-key>.  If neither the B<-keyout> option nor the B<-key> option
239 B<default_keyfile> option is used, if present.  Thus, if you want to write the
240 private key and the B<-key> option is provided, you should provide the
241 B<-keyout> option explicitly.  If a new key is generated and no filename is
246 If this option is specified then if a private key is created it
251 This option is deprecated since OpenSSL 3.0; use B<-noenc> instead.
292 This option has been deprecated and has no effect.
296 This option outputs a certificate instead of a certificate request.
298 It is implied by the B<-CA> option.
300 This option implies the B<-new> flag if B<-in> is not given.
302 If an existing request is specified with the B<-in> option, it is converted
305 Unless specified using the B<-set_serial> option,
308 Unless the B<-copy_extensions> option is used,
313 and/or using the B<-addext> option.
337 If this option is not provided then the key must be present in the B<-CA> input.
357 This overrides the B<-days> option.
365 Regardless of the option B<-not_before>, the days are always counted from
367 When used together with the option B<-not_after>, the explicit expiry
380 If I<arg> is B<none> or this option is not present then extensions are ignored.
384 The main use of this option is to allow a certificate request to supply
402 If an extension is added using this option that has the same OID as one
405 This option can be given multiple times.
420 This option causes field values to be interpreted as UTF8 strings, by
425 =item B<-reqopt> I<option>
427 Customise the printing format used with B<-text>. The I<option> argument can be
428 a single option or multiple options separated by commas.
471 B<-section> option.
491 This option is used in conjunction with the B<-new> option to generate
493 the B<-newkey> option. The smallest accepted key size is 512 bits. If
500 overridden by the B<-keyout> option.
514 and long names are the same when this option is used.
526 option. For compatibility B<encrypt_rsa_key> is an equivalent option.
530 This option specifies the digest algorithm to use. Any digest supported by the
531 OpenSSL B<dgst> command can be used. This option can be overridden on the
537 This option masks out the use of certain string types in certain
538 fields. Most users will not need to change this option. It can be set to
558 default B<string_mask>; B<default> is not the default option. The B<nombstr>
607 sections. If the B<prompt> option is set to B<no> then these sections
618 Alternatively if the B<prompt> option is absent or not set to B<no> then the
688 Example of a file pointed to by the B<oid_file> option:
806 it is tolerated). See the description of the command line option B<-asn1-kludge>
840 The B<-section> option was added in OpenSSL 3.0.0.
842 The B<-multivalue-rdn> option has become obsolete in OpenSSL 3.0.0 and
845 The B<-engine> option was deprecated in OpenSSL 3.0.
846 The <-nodes> option was deprecated in OpenSSL 3.0, too; use B<-noenc> instead.
848 The B<-reqexts> option has been made an alias of B<-extensions> in OpenSSL 3.2.
854 Since OpenSSL 3.3, the B<-verify> option will exit with 1 on failure.

Last Index update Fri Nov 22 14:03:13 UTC 2024

Dedicated to & Maintained by Room-11