[B<-sm2-id> I<string>]
[B<-sm2-hex-id> I<hex-string>]
-=for comment ifdef engine keygen_engine sm2-id sm2-hex-id
+=for openssl ifdef engine keygen_engine sm2-id sm2-hex-id
=head1 DESCRIPTION
Print out a usage message.
-=item B<-inform> B<DER>|B<PEM>
+=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM>
-This specifies the input format. The B<DER> option uses an ASN1 DER encoded
-form compatible with the PKCS#10. The B<PEM> form is the default format: it
-consists of the B<DER> format base64 encoded with additional header and
-footer lines.
+The input and formats; the default is B<PEM>.
+See L<openssl(1)/Format Options> for details.
-=item B<-outform> B<DER>|B<PEM>
-
-This specifies the output format, the options have the same meaning and default
-as the B<-inform> option.
+The data is a PKCS#10 object.
=item B<-in> I<filename>
Pass options to the signature algorithm during sign or verify operations.
Names and values of these options are algorithm-specific.
-=item B<-passin> I<arg>
+=item B<-passin> I<arg>, B<-passout> I<arg>
-The input file password source. For more information about the format of B<arg>
-see L<openssl(1)/Pass phrase options>.
+The password source for the input and output file.
+For more information about the format of B<arg>
+see L<openssl(1)/Pass Phrase Options>.
=item B<-out> I<filename>
This specifies the output filename to write to or standard output by
default.
-=item B<-passout> I<arg>
-
-The output file password source. For more information about the format of B<arg>
-see L<openssl(1)/Pass phrase options>.
-
=item B<-text>
Prints out the certificate request in text form.
If the B<-key> option is not used it will generate a new RSA private
key using information specified in the configuration file.
-=item B<-rand> I<files>
-
-The files containing random data used to seed the random number generator.
-Multiple files can be specified separated by an OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
-all others.
-
-=item B<-writerand> I<file>
+=item B<-rand> I<files>, B<-writerand> I<file>
-Writes random data to the specified I<file> upon exit.
-This can be used with a subsequent B<-rand> flag.
+See L<openssl(1)/Random State Options> for more information.
=item B<-newkey> I<arg>
=item B<-keyform> B<DER>|B<PEM>
-The format of the private key file specified in the B<-key>
-argument. PEM is the default.
+The format of the private key; the default is B<PEM>.
+See L<openssl(1)/Format Options> for details.
=item B<-keyout> I<filename>
Sets subject name for new request or supersedes the subject name
when processing a request.
-The arg must be formatted as I</type0=value0/type1=value1/type2=...>.
+The arg must be formatted as C</type0=value0/type1=value1/type2=...>.
Keyword characters may be escaped by \ (backslash), and whitespace is retained.
Empty values are permitted, but the corresponding type will not be included
in the request.
This option causes the -subj argument to be interpreted with full
support for multivalued RDNs. Example:
-I</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
+C</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
-If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>.
+If -multi-rdn is not used then the UID value is C<123456+CN=John Doe>.
=item B<-x509>
=item B<-set_serial> I<n>
Serial number to use when outputting a self signed certificate. This
-may be specified as a decimal value or a hex value if preceded by B<0x>.
+may be specified as a decimal value or a hex value if preceded by C<0x>.
=item B<-addext> I<ext>
Option which determines how the subject or issuer names are displayed. The
I<option> argument can be a single option or multiple options separated by
commas. Alternatively the B<-nameopt> switch may be used more than once to
-set multiple options. See the L<x509(1)> manual page for details.
+set multiple options. See the L<openssl-x509(1)> manual page for details.
=item B<-reqopt> I<option>
Customise the output format used with B<-text>. The I<option> argument can be
a single option or multiple options separated by commas.
-See discussion of the B<-certopt> parameter in the L<x509(1)>
+See discussion of the B<-certopt> parameter in the L<openssl-x509(1)>
command.
=item B<-newhdr>
=head1 NOTES
-The header and footer lines in the B<PEM> format are normally:
-
- -----BEGIN CERTIFICATE REQUEST-----
- -----END CERTIFICATE REQUEST-----
-
-some software (some versions of Netscape certificate server) instead needs:
-
- -----BEGIN NEW CERTIFICATE REQUEST-----
- -----END NEW CERTIFICATE REQUEST-----
-
-which is produced with the B<-newhdr> option but is otherwise compatible.
-Either form is accepted transparently on input.
-
The certificate requests generated by B<Xenroll> with MSIE have extensions
added. It includes the B<keyUsage> extension which determines the type of
key (signature only or general purpose) and any additional OIDs entered
-by the script in an extendedKeyUsage extension.
+by the script in an B<extendedKeyUsage> extension.
=head1 DIAGNOSTICS
Using configuration from /some/path/openssl.cnf
Unable to load config info
-This is followed some time later by...
+This is followed some time later by:
unable to find 'distinguished_name' in config
problems making Certificate Request