-
=pod
=head1 NAME
this option is the same as B<-sign> except it expects a self signed certificate
to be present in the file "newreq.pem".
+=item B<-crl>
+
+generate a CRL
+
+=item B<-revoke certfile [reason]>
+
+revoke the certificate contained in the specified B<certfile>. An optional
+reason may be specified, and must be one of: B<unspecified>,
+B<keyCompromise>, B<CACompromise>, B<affiliationChanged>, B<superseded>,
+B<cessationOfOperation>, B<certificateHold>, or B<removeFromCRL>.
+
=item B<-verify>
verifies certificates against the CA certificate for "demoCA". If no certificates
-are specified on the command line it tries to verify the file "newcert.pem".
+are specified on the command line it tries to verify the file "newcert.pem".
=item B<files>
=head1 DSA CERTIFICATES
Although the B<CA.pl> creates RSA CAs and requests it is still possible to
-use it with DSA certificates and requests using the L<req(1)|req(1)> command
+use it with DSA certificates and requests using the L<req(1)> command
directly. The following example shows the steps that would typically be taken.
Create some DSA parameters:
Create a DSA certificate request and private key (a different set of parameters
can optionally be created first):
- openssl req -out newreq.pem -newkey dsa:dsap.pem
+ openssl req -out newreq.pem -newkey dsa:dsap.pem
Sign the request:
perl -S CA.pl
-can be used and the B<OPENSSL_CONF> environment variable changed to point to
+can be used and the B<OPENSSL_CONF> environment variable changed to point to
the correct path of the configuration file "openssl.cnf".
The script is intended as a simple front end for the B<openssl> program for use
=head1 SEE ALSO
-L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<req(1)|req(1)>, L<pkcs12(1)|pkcs12(1)>,
-L<config(5)|config(5)>
+L<x509(1)>, L<ca(1)>, L<req(1)>, L<pkcs12(1)>,
+L<config(5)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
=cut