diff options
Diffstat (limited to 'lib/libssl/src/doc/apps/ca.pod')
| -rw-r--r-- | lib/libssl/src/doc/apps/ca.pod | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/lib/libssl/src/doc/apps/ca.pod b/lib/libssl/src/doc/apps/ca.pod index 9ff0cc36125..7294627d163 100644 --- a/lib/libssl/src/doc/apps/ca.pod +++ b/lib/libssl/src/doc/apps/ca.pod @@ -88,7 +88,7 @@ section for information on the required format. =item B<-infiles> if present this should be the last option, all subsequent arguments -are assumed to the the names of files containing certificate requests. +are assumed to the the names of files containing certificate requests. =item B<-out filename> @@ -180,7 +180,7 @@ need this option. =item B<-preserveDN> Normally the DN order of a certificate is the same as the order of the -fields in the relevant policy section. When this option is set the order +fields in the relevant policy section. When this option is set the order is the same as the request. This is largely for compatibility with the older IE enrollment control which would only accept certificates if their DNs match the order of the request. This is not needed for Xenroll. @@ -230,7 +230,7 @@ characters may be escaped by \ (backslash), no spaces are skipped. =item B<-utf8> -this option causes field values to be interpreted as UTF8 strings, by +this option causes field values to be interpreted as UTF8 strings, by default they are interpreted as ASCII. This means that the field values, whether prompted from a terminal or obtained from a configuration file, must be valid UTF8 strings. @@ -336,7 +336,7 @@ any) used. This specifies a file containing additional B<OBJECT IDENTIFIERS>. Each line of the file should consist of the numerical form of the object identifier followed by white space then the short name followed -by white space and finally the long name. +by white space and finally the long name. =item B<oid_section> @@ -368,7 +368,7 @@ an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). =item B<default_days> the same as the B<-days> option. The number of days to certify -a certificate for. +a certificate for. =item B<default_startdate> @@ -491,7 +491,7 @@ this can be regarded more of a quirk than intended behaviour. The input to the B<-spkac> command line option is a Netscape signed public key and challenge. This will usually come from -the B<KEYGEN> tag in an HTML form to create a new private key. +the B<KEYGEN> tag in an HTML form to create a new private key. It is however possible to create SPKACs using the B<spkac> utility. The file should contain the variable SPKAC set to the value of @@ -547,18 +547,18 @@ A sample configuration file with the relevant sections for B<ca>: [ ca ] default_ca = CA_default # The default ca section - + [ CA_default ] dir = ./demoCA # top dir database = $dir/index.txt # index file. new_certs_dir = $dir/newcerts # new certs dir - + certificate = $dir/cacert.pem # The CA cert serial = $dir/serial # serial no file private_key = $dir/private/cakey.pem# CA private key RANDFILE = $dir/private/.rand # random number file - + default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL default_md = md5 # md to use @@ -602,7 +602,7 @@ be overridden by the B<-config> command line option. =head1 RESTRICTIONS -The text database index file is a critical part of the process and +The text database index file is a critical part of the process and if corrupted it can be difficult to fix. It is theoretically possible to rebuild the index file from all the issued certificates and a current CRL: however there is no option to do this. @@ -670,6 +670,6 @@ then even if a certificate is issued with CA:TRUE it will not be valid. =head1 SEE ALSO L<req(1)|req(1)>, L<spkac(1)|spkac(1)>, L<x509(1)|x509(1)>, L<CA.pl(1)|CA.pl(1)>, -L<config(5)|config(5)>, L<x509v3_config(5)|x509v3_config(5)> +L<config(5)|config(5)>, L<x509v3_config(5)|x509v3_config(5)> =cut |