openssl-x509.pod.in: fix description of certificate serial number storage

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18373)

diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in
index ee1aa4492f821102a528653bc5204a0340a5ee4e..ef4ebfd64993e1435e1a1be0f57fa08cc23dc4bd 100644 (file)
--- a/doc/man1/openssl-x509.pod.in
+++ b/doc/man1/openssl-x509.pod.in
@@ -496,18 +496,18 @@ See L<openssl-format-options(1)> for details.
 
 Sets the CA serial number file to use.
 
-When the B<-CA> option is used to sign a certificate it uses a serial
-number specified in a file. This file consists of one line containing
-an even number of hex digits with the serial number to use. After each
-use the serial number is incremented and written out to the file again.
+When creating a certificate with this option, the certificate serial number
+is stored in the given file. This file consists of one line containing
+an even number of hex digits with the serial number used last time.
+After reading this number, it is incremented and used, and the file is updated.
 
 The default filename consists of the CA certificate file base name with
 F<.srl> appended. For example if the CA certificate file is called
 F<mycacert.pem> it expects to find a serial number file called
 F<mycacert.srl>.
 
-If the B<-CA> option is specified and both the <-CAserial> and <-CAcreateserial>
-options are not given and the default serial number file does not exist,
+If the B<-CA> option is specified and neither <-CAserial> or <-CAcreateserial>
+is given and the default serial number file does not exist,
 a random number is generated; this is the recommended practice.
 
 =item B<-CAcreateserial>