openssl-ca, ca - sample minimal CA application
openssl ca [-help] [-verbose] [-config filename] [-name section] [-gencrl] [-revoke file] [-valid file] [-status serial] [-updatedb] [-crl_reason reason] [-crl_hold instruction] [-crl_compromise time] [-crl_CA_compromise time] [-crldays days] [-crlhours hours] [-crlexts section] [-startdate date] [-enddate date] [-days arg] [-md arg] [-policy arg] [-keyfile arg] [-keyform PEM|DER] [-key arg] [-passin arg] [-cert file] [-selfsign] [-in file] [-out file] [-notext] [-outdir dir] [-infiles] [-spkac file] [-ss_cert file] [-preserveDN] [-noemailDN] [-batch] [-msie_hack] [-extensions section] [-extfile section] [-engine id] [-subj arg] [-utf8] [-sigopt nm:v] [-create_serial] [-rand_serial] [-multivalue-rdn] [-rand file...] [-writerand file]
The ca command is a minimal CA application. It can be used to sign certificate requests in a variety of forms and generate CRLs it also maintains a text database of issued certificates and their status.
The options descriptions will be divided into each purpose.
Print out a usage message.
This prints extra details about the operations being performed.
Specifies the configuration file to use. Optional; for a description of the default value, see "COMMAND SUMMARY" in openssl(1).
Specifies the configuration file section to use (overrides default_ca in the ca section).
An input filename containing a single certificate request to be signed by the CA.
A single self-signed certificate to be signed by the CA.
A file containing a single Netscape signed public key and challenge and additional field values to be signed by the CA. See the SPKAC FORMAT section for information on the required input and output format.
If present this should be the last option, all subsequent arguments