Fix nits in pod files.

[thirdparty/openssl.git] / doc / apps / x509.pod

diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index ce6f5f7e63187cd89ea600c306fa1ae029e5b214..eb6d06d7b704c84873f904d6977839a6197b2778 100644 (file)
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -1,4 +1,3 @@
-
 =pod
 
 =head1 NAME
@@ -93,7 +92,7 @@ obsolete.
 
 =item B<-outform DER|PEM|NET>
 
-This specifies the output format, the options have the same meaning as the 
+This specifies the output format, the options have the same meaning as the
 B<-inform> option.
 
 =item B<-in filename>
@@ -322,7 +321,7 @@ can thus behave like a "mini CA".
 =item B<-signkey filename>
 
 this option causes the input file to be self signed using the supplied
-private key. 
+private key.
 
 If the input file is a certificate it sets the issuer name to the
 subject name (i.e.  makes it self signed) changes the public key to the
@@ -403,7 +402,7 @@ an even number of hex digits with the serial number to use. After each
 use the serial number is incremented and written out to the file again.
 
 The default filename consists of the CA certificate file base name with
-".srl" appended. For example if the CA certificate file is called 
+".srl" appended. For example if the CA certificate file is called
 "mycacert.pem" it expects to find a serial number file called "mycacert.srl".
 
 =item B<-CAcreateserial>
@@ -707,20 +706,20 @@ Convert a certificate request into a self signed certificate using
 extensions for a CA:
 
  openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \
-       -signkey key.pem -out cacert.pem
+        -signkey key.pem -out cacert.pem
 
 Sign a certificate request using the CA certificate above and add user
 certificate extensions:
 
  openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \
-       -CA cacert.pem -CAkey key.pem -CAcreateserial
+        -CA cacert.pem -CAkey key.pem -CAcreateserial
 
 
 Set a certificate to be trusted for SSL client use and change set its alias to
 "Steve's Class 1 CA"
 
  openssl x509 -in cert.pem -addtrust clientAuth \
-       -setalias "Steve's Class 1 CA" -out trust.pem
+        -setalias "Steve's Class 1 CA" -out trust.pem
 
 =head1 NOTES
 
@@ -854,7 +853,7 @@ if the keyUsage extension is present.
 The extended key usage extension must be absent or include the "email
 protection" OID. Netscape certificate type must be absent or must have the
 S/MIME CA bit set: this is used as a work around if the basicConstraints
-extension is absent. 
+extension is absent.
 
 =item B<CRL Signing>
 
@@ -884,7 +883,7 @@ dates rather than an offset from the current time.
 
 L<req(1)>, L<ca(1)>, L<genrsa(1)>,
 L<gendsa(1)>, L<verify(1)>,
-L<x509v3_config(5)> 
+L<x509v3_config(5)>
 
 =head1 HISTORY
 
@@ -892,7 +891,7 @@ The hash algorithm used in the B<-subject_hash> and B<-issuer_hash> options
 before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding
 of the distinguished name. In OpenSSL 1.0.0 and later it is based on a
 canonical version of the DN using SHA1. This means that any directories using
-the old form must have their links rebuilt using B<c_rehash> or similar. 
+the old form must have their links rebuilt using B<c_rehash> or similar.
 
 =cut