=item B<-issuer> I<filename>
This specifies the current issuer certificate.
+The input can be in PEM, DER, or PKCS#12 format.
+
This option can be used multiple times.
This option B<MUST> come before any B<-cert> options.
=item B<-cert> I<filename>
Add the certificate I<filename> to the request.
+The input can be in PEM, DER, or PKCS#12 format.
+
This option can be used multiple times.
The issuer certificate is taken from the previous B<-issuer> option,
or an error occurs if no issuer certificate is specified.
=item B<-signer> I<filename>, B<-signkey> I<filename>
Sign the OCSP request using the certificate specified in the B<-signer>
-option and the private key specified by the B<-signkey> option. If
-the B<-signkey> option is not present then the private key is read
+option and the private key specified by the B<-signkey> option.
+The input can be in PEM, DER, or PKCS#12 format.
+
+If the B<-signkey> option is not present then the private key is read
from the same file as the certificate. If neither option is specified then
the OCSP request is not signed.
=item B<-CA> I<file>
-CA certificate corresponding to the revocation information in the index
+CA certificates corresponding to the revocation information in the index
file given with B<-index>.
The input can be in PEM, DER, or PKCS#12 format.
=item B<-rsigner> I<file>
The certificate to sign OCSP responses with.
+The input can be in PEM, DER, or PKCS#12 format.
=item B<-rkey> I<file>