New option to CA.pl to sign request using CA extensions.

This allows intermediate CAs to be created more easily. PKCS12_create() now checks private key matches certificate. Fix typo in x509 app. Update docs. New function ASN1_STRING_to_UTF8() converts any ASN1_STRING type to UTF8.
author: Dr. Stephen Henson <steve@openssl.org> 2000-08-24 23:24:18 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2000-08-24 23:24:18 +0000
commit: d428bf8c568c617bb3c3bd0ac3b326298e7b34b9 (patch)
tree: b2941d622c7d4dbd526afa82a9308016a04321fe /doc/apps/CA.pl.pod
parent: d096b524afbdc371032d96d22f1686d88bfba0e9 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/apps/CA.pl.pod b/doc/apps/CA.pl.pod
index 75aa2a1d26..63cd1320cc 100644
--- a/doc/apps/CA.pl.pod
+++ b/doc/apps/CA.pl.pod
@@ -72,6 +72,13 @@ to be in the file "newreq.pem". The new certificate is written to the file
 "newcert.pem" except in the case of the B<-xsign> option when it is written
 to standard output.
 
+
+=item B<-signCA>
+
+this option is the same as the B<-signreq> option except it uses the configuration
+file section B<v3_ca> and so makes the signed request a valid CA certificate. This
+is useful when creating intermediate CA from a root CA.
+
 =item B<-signcert>
 
 this option is the same as B<-sign> except it expects a self signed certificate
author	Dr. Stephen Henson <steve@openssl.org>	2000-08-24 23:24:18 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2000-08-24 23:24:18 +0000
commit	d428bf8c568c617bb3c3bd0ac3b326298e7b34b9 (patch)
tree	b2941d622c7d4dbd526afa82a9308016a04321fe /doc/apps/CA.pl.pod
parent	d096b524afbdc371032d96d22f1686d88bfba0e9 (diff)