diff --git a/doc/certutil.xml b/doc/certutil.xml
--- a/doc/certutil.xml
+++ b/doc/certutil.xml
@@ -634,16 +634,37 @@ of the attribute codes:
--extSKID
Add the Subject Key ID extension to the certificate. X.509 certificate extensions are described in RFC 5280.
+ --extNC
+ Add a Name Constraint extension to the certificate. X.509 certificate extensions are described in RFC 5280.
+
+
+
+ --keyAttrFlags attrflags
+
+PKCS #11 key Attributes. Comma separated list of key attribute flags, selected from the following list of choices: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}
+
+
+
+ --keyFlagsOn opflags
+ --keyFlagsOff opflags
+
+PKCS #11 key Operation Flags.
+Comma separated list of one or more of the following:
+{token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}
+
+
+
+
--source-dir certdir
Identify the certificate database directory to upgrade.
--source-prefix certdir
Give the prefix of the certificate and key databases to upgrade.
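Review bot: The text added for --keyFlagsOn / --keyFlagsOff is titled "PKCS #11 key Operation Flags" but lists the same choices as --keyAttrFlags ({token | session} {public | private} {sensitive | insensitive} ...), which are attribute flags and look copy-pasted. Replace the list with the operation flag names these two options accept, and state what On and Off each do to the generated key. Separately, the --extNC entry repeats the generic RFC 5280 sentence from --extSKID; a clause saying what a Name Constraint restricts would make it useful on its own.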
@@ -795,17 +816,17 @@ JyBVgFqDXRYSyTBNw1DrxUU/3GvWA/ngjAwHEv0C
XRzPORlC2WY3gkk7vmlsLvYpyecNazAi/NAwVnU/66HOsaoVFWE+gBQo99UrN2yk
0BiK/GMFlLm5dXQROgA9ZKKyFdI0LIXtf6SbAgMBAAGjMzAxMBEGCWCGSAGG+EIB
AQQEAwIHADAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwICBDANBgkqhkiG9w0B
AQUFAAOBgQA6chkzkACN281d1jKMrc+RHG2UMaQyxiteaLVZO+Ro1nnRUvseDf09
XKYFwPMJjWCihVku6bw/ihZfuMHhxK22Nue6inNQ6eDu7WmrqL8z3iUrQwxs+WiF
ob2rb8XRVVJkzXdXxlk4uo3UtNvw8sAz7sWD71qxKaIHU5q49zijfg==
-----END CERTIFICATE-----
-For a humam-readable display
+For a human-readable display
$ certutil -L -d sql:$HOME/nssdb -n my-ca-cert
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3650 (0xe42)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=Example CA"
Validity:
diff --git a/doc/cmsutil.xml b/doc/cmsutil.xml
--- a/doc/cmsutil.xml
+++ b/doc/cmsutil.xml
@@ -84,19 +84,26 @@ The options and arguments for the cmsuti
-S
Sign a message.
Arguments
- Option arguments modify an action and are lowercase.
+ Option arguments modify an action.
+ -b
+
+ Decode a batch of files named in infile.
+
+
+
+
-c content
Use this detached content (decode only).
-d dbdir
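Review bot: The new -b entry does not carry the "(decode only)" marker that the neighbouring -c entry uses, and it does not say how the files are listed in infile. Suggest "Decode a batch of files named in infile (decode only)." plus a short statement of the list format, and a pointer to -i since infile is only defined under that option.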
@@ -108,37 +115,58 @@ The options and arguments for the cmsuti
-e envfile
Specify a file containing an enveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only).
+ -f pwfile
+
+ Use password file to set password on all PKCS#11 tokens.
+
+
+
+
-G
Include a signing time attribute (sign only).
-
+
+
+ -H hash
+
+ Use specified hash algorithm (default:SHA1).
+
+
+
-h num
Generate email headers with info about CMS message (decode only).
-i infile
Use infile as a source of data (default is stdin).
+ -k
+
+ Keep decoded encryption certs in permanent cert db.
+
+
+
+
-N nickname
Specify nickname of certificate to sign with (sign only).
-n
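Review bot: The -H entry documents SHA1 as the default but does not list the algorithm names that are accepted, so a reader who wants a different digest cannot tell what to pass. Please add the accepted values, put a space in "default:SHA1", and mark which action the option applies to, as -G and -N do with "(sign only)". The -f and -k entries are missing the same scope marker, and -f should say what the password file is expected to contain.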
@@ -188,16 +216,23 @@ For certificates-only message, list of c
-u certusage
Set type of cert usage (default is certUsageEmailSigner).
+ -v
+
+ Print debugging information.
+
+
+
+
-Y ekprefnick
Specify an encryption key preference by nickname.
diff --git a/doc/crlutil.xml b/doc/crlutil.xml
--- a/doc/crlutil.xml
+++ b/doc/crlutil.xml
@@ -261,16 +261,30 @@ Specify type of CRL. possible types are:
-u url
Specify the url.
+
+ -w pwd-string
+
+ Provide db password in command line.
+
+
+
+
+ -Z algorithm
+
+ Specify the hash algorithm to use for signing the CRL.
+
+
+
CRL Generation script syntax
CRL generation script file has the following syntax:
* Line with comments should have # as a first symbol of a line
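Review bot: The -w entry documents passing the database password on the command line without mentioning that an argument supplied this way is visible in process listings and shell history. Add that caveat to the description and point to the tool's password-file option, if it has one, as the preferred form for scripted use. The -Z entry also needs the list of accepted algorithm names and the default that applies when it is omitted.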