diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2022-07-28 21:38:53 +0200 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2023-04-27 15:45:37 +0100 |
commit | 9748e6127634e26483ff796d6572a303b1d514b7 (patch) | |
tree | 1fcae7dd069483268a486009d20fd2745c7194b0 /doc | |
parent | 87943b933e52ffe59c7ba929ccaaccbe49a7be9e (diff) | |
download | openssl-new-9748e6127634e26483ff796d6572a303b1d514b7.tar.gz |
openssl-ocsp.pod.in: state for options that they are flexible w.r.t. cert input format
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18917)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man1/openssl-ocsp.pod.in | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/doc/man1/openssl-ocsp.pod.in b/doc/man1/openssl-ocsp.pod.in index 0c93dc9d84..9106a1d349 100644 --- a/doc/man1/openssl-ocsp.pod.in +++ b/doc/man1/openssl-ocsp.pod.in @@ -103,12 +103,16 @@ specify output filename, default is standard output. =item B<-issuer> I<filename> This specifies the current issuer certificate. +The input can be in PEM, DER, or PKCS#12 format. + This option can be used multiple times. This option B<MUST> come before any B<-cert> options. =item B<-cert> I<filename> Add the certificate I<filename> to the request. +The input can be in PEM, DER, or PKCS#12 format. + This option can be used multiple times. The issuer certificate is taken from the previous B<-issuer> option, or an error occurs if no issuer certificate is specified. @@ -127,8 +131,10 @@ be specified by preceding the value by a C<-> sign. =item B<-signer> I<filename>, B<-signkey> I<filename> Sign the OCSP request using the certificate specified in the B<-signer> -option and the private key specified by the B<-signkey> option. If -the B<-signkey> option is not present then the private key is read +option and the private key specified by the B<-signkey> option. +The input can be in PEM, DER, or PKCS#12 format. + +If the B<-signkey> option is not present then the private key is read from the same file as the certificate. If neither option is specified then the OCSP request is not signed. @@ -322,13 +328,14 @@ must also be present. =item B<-CA> I<file> -CA certificate corresponding to the revocation information in the index +CA certificates corresponding to the revocation information in the index file given with B<-index>. The input can be in PEM, DER, or PKCS#12 format. =item B<-rsigner> I<file> The certificate to sign OCSP responses with. +The input can be in PEM, DER, or PKCS#12 format. =item B<-rkey> I<file> |