RT3291: Add -crl and -revoke options to CA.pl

Document the new features Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-18 21:45:41 -04:00 · 2014-09-18 21:45:41 -04:00 · e8185aea87
commit e8185aea87
parent 99b00fd993
1 changed files with 11 additions and 0 deletions
--- a/doc/apps/CA.pl.pod
+++ b/doc/apps/CA.pl.pod
@ -89,6 +89,17 @@ is useful when creating intermediate CA from a root CA.
 this option is the same as B<-sign> except it expects a self signed certificate
 to be present in the file "newreq.pem".

+=item B<-crl>
+
+generate a CRL
+
+=item B<-revoke certfile [reason]>
+
+revoke the certificate contained in the specified B<certfile>. An optional
+reason may be specified, and must be one of: B<unspecified>,
+B<keyCompromise>, B<CACompromise>, B<affiliationChanged>, B<superseded>,
+B<cessationOfOperation>, B<certificateHold>, or B<removeFromCRL>.
+
 =item B<-verify>

 verifies certificates against the CA certificate for "demoCA". If no certificates