Commit 7bb89f09 authored by Rob Percival's avatar Rob Percival Committed by Rich Salz
Browse files

Documentation for the -precert flag for "openssl req" 



Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/843)
parent caee75d2

doc/man1/req.pod

+9 −0
Original line number Diff line number Diff line
@@ -37,6 +37,7 @@ B<openssl> B<req> 
[B<-newhdr>]

[B<-extensions section>]

[B<-reqexts section>]

[B<-precert>]

[B<-utf8>]

[B<-nameopt>]

[B<-reqopt>]
@@ -253,6 +254,14 @@ request extensions. This allows several different sections to 
be used in the same configuration file to specify requests for

a variety of purposes.



=item B<-precert>



a poison extension will be added to the certificate, making it a

"pre-certificate" (see RFC6962). This can be submitted to Certificate

Transparency logs in order to obtain signed certificate timestamps (SCTs).

These SCTs can then be embedded into the pre-certificate as an extension, before

removing the poison and signing the certificate.



=item B<-utf8>



this option causes field values to be interpreted as UTF8 strings, by