[B<-crl_hold instruction>]
[B<-crl_compromise time>]
[B<-crl_CA_compromise time>]
-[B<-subj arg>]
[B<-crldays days>]
[B<-crlhours hours>]
[B<-crlexts section>]
[B<-extensions section>]
[B<-extfile section>]
[B<-engine id>]
+[B<-subj arg>]
+[B<-utf8>]
+[B<-multivalue-rdn>]
=head1 DESCRIPTION
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
+=item B<-subj arg>
+
+supersedes subject name given in the request.
+The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
+characters may be escaped by \ (backslash), no spaces are skipped.
+
+=item B<-utf8>
+
+this option causes field values to be interpreted as UTF8 strings, by
+default they are interpreted as ASCII. This means that the field
+values, whether prompted from a terminal or obtained from a
+configuration file, must be valid UTF8 strings.
+
+=item B<-multivalue-rdn>
+
+this option causes the -subj argument to be interpretedt with full
+support for multivalued RDNs. Example:
+
+I</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
+
+If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>.
+
=back
=head1 CRL OPTIONS
This is the same as B<crl_compromise> except the revocation reason is set to
B<CACompromise>.
-=item B<-subj arg>
-
-supersedes subject name given in the request.
-The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
-characters may be escaped by \ (backslash), no spaces are skipped.
-
=item B<-crlexts section>
the section of the configuration file containing CRL extensions to
the same as B<-policy>. Mandatory. See the B<POLICY FORMAT> section
for more information.
-=item B<nameopt>, B<certopt>
+=item B<name_opt>, B<cert_opt>
these options allow the format used to display the certificate details
when asking the user to confirm signing. All the options supported by
policy = policy_any # default policy
email_in_dn = no # Don't add the email into cert DN
- nameopt = ca_default # Subject name display option
- certopt = ca_default # Certificate display option
+ name_opt = ca_default # Subject name display option
+ cert_opt = ca_default # Certificate display option
copy_extensions = none # Don't copy extensions from request
[ policy_any ]
to rebuild the index file from all the issued certificates and a current
CRL: however there is no option to do this.
-V2 CRL features like delta CRL support and CRL numbers are not currently
-supported.
+V2 CRL features like delta CRLs are not currently supported.
Although several requests can be input and handled at once it is only
possible to include one SPKAC or self signed certificate.