From 7bb89f094de0fb544df77e5afca82ade9b413f7d Mon Sep 17 00:00:00 2001 From: Rob Percival Date: Thu, 10 Mar 2016 20:32:16 +0000 Subject: [PATCH] Documentation for the -precert flag for "openssl req" Reviewed-by: Tim Hudson Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/843) --- doc/man1/req.pod | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/doc/man1/req.pod b/doc/man1/req.pod index 83b5704bd9..5ac629aa44 100644 --- a/doc/man1/req.pod +++ b/doc/man1/req.pod @@ -37,6 +37,7 @@ B B [B<-newhdr>] [B<-extensions section>] [B<-reqexts section>] +[B<-precert>] [B<-utf8>] [B<-nameopt>] [B<-reqopt>] @@ -253,6 +254,14 @@ request extensions. This allows several different sections to be used in the same configuration file to specify requests for a variety of purposes. +=item B<-precert> + +a poison extension will be added to the certificate, making it a +"pre-certificate" (see RFC6962). This can be submitted to Certificate +Transparency logs in order to obtain signed certificate timestamps (SCTs). +These SCTs can then be embedded into the pre-certificate as an extension, before +removing the poison and signing the certificate. + =item B<-utf8> this option causes field values to be interpreted as UTF8 strings, by -- 2.25.1