RT3291: Add -crl and -revoke options to CA.pl

author Rich Salz <rsalz@openssl.org>

Fri, 19 Sep 2014 01:45:41 +0000 (21:45 -0400)

committer Rich Salz <rsalz@openssl.org>

Fri, 19 Sep 2014 01:45:41 +0000 (21:45 -0400)
author Rich Salz <rsalz@openssl.org>
Fri, 19 Sep 2014 01:45:41 +0000 (21:45 -0400)
committer Rich Salz <rsalz@openssl.org>
Fri, 19 Sep 2014 01:45:41 +0000 (21:45 -0400)
diff --git a/doc/apps/CA.pl.pod b/doc/apps/CA.pl.pod

index d326101cde788a00ff564900fc92e439c39a291b..92ae288748d469552f130f460cb8df63aa1a6e70 100644 (file)
--- a/doc/apps/CA.pl.pod
+++ b/doc/apps/CA.pl.pod
@@ -89,6 +89,17 @@ is useful when creating intermediate CA from a root CA.
  this option is the same as B<-sign> except it expects a self signed certificate
  to be present in the file "newreq.pem".
  
+=item B<-crl>
+
+generate a CRL
+
+=item B<-revoke certfile [reason]>
+
+revoke the certificate contained in the specified B<certfile>. An optional
+reason may be specified, and must be one of: B<unspecified>,
+B<keyCompromise>, B<CACompromise>, B<affiliationChanged>, B<superseded>,
+B<cessationOfOperation>, B<certificateHold>, or B<removeFromCRL>.
+
  =item B<-verify>
  
  verifies certificates against the CA certificate for "demoCA". If no certificates
author	Rich Salz <rsalz@openssl.org>
	Fri, 19 Sep 2014 01:45:41 +0000 (21:45 -0400)
committer	Rich Salz <rsalz@openssl.org>
	Fri, 19 Sep 2014 01:45:41 +0000 (21:45 -0400)