author: Deon Lackey <dlackey@redhat.com> 2010-08-12 17:14:18 -0400
committer: Deon Lackey <dlackey@redhat.com> 2010-08-12 17:14:18 -0400
commit: 3b9d284703a7e15bd47475c97e5e911819c59076
tree: 9c63b09a5efa3254ac41edadf6ec6f5040758788
parent: 16e7d4e41b3075bf650888b57e8ec3416245c4ad
continuing edits
-rw-r--r-- certutil.xml 55
1 files changed, 28 insertions, 27 deletions
diff --git a/certutil.xml b/certutil.xml
index ab7b3ce..fc55cfd 100644
--- a/certutil.xml
+++ b/certutil.xml
@@ -40,13 +40,14 @@ The key and certificate management process generally begins with creating keys i
<refsection id="options">
<title>Options and Arguments</title>
<para>
- Running <command>certutil</command> always requires one (and only one) option to specify the type of certificate operation. Each option may take arguments, anywhere from none to multiple arguments. To see the arguments available for each option, run the command option and <option>-H</option>.
+ Running <command>certutil</command> always requires one (and only one) option to specify the type of certificate operation. Each option may take arguments, anywhere from none to multiple arguments. Run the command option and <option>-H</option> to see the arguments available for each option.
+
</para>
<para><command>Options</command></para>
<para>Options specify an action and are uppercase. </para>
<variablelist>
<varlistentry>
- <term>-N example</term>
+ <term>-N</term>
<listitem><para>Create new certificate and key databases.</para></listitem>
</varlistentry>
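Review bot: The bare "+" line added just before </para> in the first paragraph leaves an empty line inside the para element and should be dropped. The reordered sentence "Run the command option and <option>-H</option>" is also still unclear about what is typed; say that the option is given together with -H, and use the same wording wherever the man page refers to help output.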
@@ -57,12 +58,14 @@ The key and certificate management process generally begins with creating keys i
<varlistentry>
<term>-R</term>
- <listitem><para>Create a certificate request file.</para></listitem>
+ <listitem><para>Create a certificate request file that can be submitted to a Certificate Authority (CA) for processing into a finished certificate. Output defaults to standard out unless you use -o output-file argument.
+
+Use the -a argument to specify ASCII output.</para></listitem>
</varlistentry>
<varlistentry>
<term>-C </term>
- <listitem><para>Create a new binary certificate file from a binary certificate request file.</para></listitem>
+ <listitem><para>Create a new binary certificate file from a binary certificate request file. Use the <option>-i</option> argument to specify the certificate request file. If this argument is not used, <command>certutil</command> prompts for a filename. </para></listitem>
</varlistentry>
<varlistentry>
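Review bot: In the new -R text, "-o output-file" and "-a" are left as plain text while the -C entry in this same hunk wraps its argument as <option>-i</option>; mark them up the same way. The blank line before "Use the -a argument to specify ASCII output." will not produce a paragraph break in DocBook, so put that sentence in its own <para>. Also "standard out unless you use -o output-file argument" should read "standard output unless you use the -o output-file argument", matching the "standard output" wording used under -a.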
@@ -72,7 +75,12 @@ The key and certificate management process generally begins with creating keys i
<varlistentry>
<term>-F</term>
- <listitem><para>Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the -d argument. Use the -k argument to specify explicitly whether to delete a DSA or an RSA key. If you don't use the -k argument, the option looks for an RSA key matching the specified nickname. When you delete keys, be sure to also remove any certificates associated with those keys from the certificate database, by using -D. Some smart cards (for example, the litronic card) do not let you remove a public key you have generated. In such a case, only the private key is deleted from the key pair. You can display the public key with the command certutil -K -h tokenname. </para></listitem>
+ <listitem><para>Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the
+<option>-d</option> argument. Use the -k argument to specify explicitly whether to delete a DSA or an RSA key. If you don't use the <option>-k</option> argument,
+the option looks for an RSA key matching the specified nickname.
+</para>
+<para>
+When you delete keys, be sure to also remove any certificates associated with those keys from the certificate database, by using -D. Some smart cards (for example, the Litronic card) do not let you remove a public key you have generated. In such a case, only the private key is deleted from the key pair. You can display the public key with the command certutil -K -h tokenname. </para></listitem>
</varlistentry>
<varlistentry>
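Review bot: The -F entry is now half marked up: -d and the second -k are wrapped in <option>, but -n, the first -k, -D and the inline command "certutil -K -h tokenname" are still plain text. Wrap the remaining arguments in <option> and the example in <command> so the warning about removing the associated certificates with -D stands out as an instruction. The new lines also start at column 0 while the surrounding entries are indented, which will make later diffs of this entry noisy.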
@@ -93,7 +101,7 @@ The key and certificate management process generally begins with creating keys i
<varlistentry>
<term>-L </term>
<listitem><para>List all the certificates, or display information about a named certificate, in a certificate database.
- Use the -h tokenname argument to specify the certificate database on a particular hardware or software token.</para></listitem>
+Use the -h tokenname argument to specify the certificate database on a particular hardware or software token.</para></listitem>
</varlistentry>
<varlistentry>
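Review bot: The only change to the -L entry is removal of the leading indentation on the "Use the -h tokenname argument" line, which makes it inconsistent with the line above it and adds diff noise without changing the rendered text. Either drop this hunk or, if the line is being touched anyway, mark up "-h tokenname" as an option the way -d and -k were in the -F entry.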
@@ -126,7 +134,7 @@ The key and certificate management process generally begins with creating keys i
<para>Option arguments modify an action and are lowercase.</para>
<variablelist>
<varlistentry>
- <term>-a keyLength</term>
+ <term>-a</term>
<listitem><para>Use ASCII format or allow the use of ASCII format for input or output. This formatting follows RFC #1113.
For certificate requests, ASCII output defaults to standard output unless redirected.</para></listitem>
</varlistentry>
@@ -165,7 +173,7 @@ The key and certificate management process generally begins with creating keys i
</varlistentry>
<varlistentry>
- <term>-e dbprefix</term>
+ <term>-e </term>
<listitem><para>Check a certificate's signature during the process of validating a certificate.</para></listitem>
</varlistentry>
@@ -267,22 +275,22 @@ The key and certificate management process generally begins with creating keys i
<para>
The attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks. For example:
</para>
-<programlisting>-t "TCu,Cu,Tuw"</programlisting>
+<para><command>-t "TCu,Cu,Tuw"</command></para>
<para>
Use the -L option to see a list of the current certificates and trust attributes in a certificate database. </para></listitem>
</varlistentry>
<varlistentry>
<term>-u certusage</term>
- <listitem><para>Specify a usage context to apply when validating a certificate with the -V option.</para><para>The contexts are the following:</para><para>C (as an SSL client)</para><para>
- V (as an SSL server),
- S (as an email signer),
- R (as an email recipient)
- </para></listitem>
+ <listitem><para>Specify a usage context to apply when validating a certificate with the -V option.</para><para>The contexts are the following:</para>
+<para><command>C</command> (as an SSL client)</para>
+<para><command>V</command> (as an SSL server)</para>
+<para><command>S</command> (as an email signer)</para>
+<para><command>R</command> (as an email recipient)</para></listitem>
</varlistentry>
<varlistentry>
- <term>-v xxxxxxx</term>
+ <term>-v valid-months</term>
<listitem><para>Set the number of months a new certificate will be valid.
The validity period begins at the current system time unless an offset is added or
subtracted with the -w option. If this argument is not used, the default validity
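Review bot: The -t example was changed from <programlisting> to <para><command>-t "TCu,Cu,Tuw"</command></para>, but the text is an argument with its value, not a command, and <programlisting> is what preserves it verbatim as an example. Keep the programlisting or use <option> instead. In the -u entry the four usage contexts are now four sibling paragraphs; a list element would express "C, V, S, R" as one set of values, and the letters are values of -u rather than commands, so <command> is the wrong element there as well.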
@@ -295,7 +303,7 @@ The key and certificate management process generally begins with creating keys i
</varlistentry>
<varlistentry>
- <term>-w xxxxxxx</term>
+ <term>-w offset-months</term>
<listitem><para>Set an offset from the current system time, in months,
for the beginning of a certificate's validity period. Use when creating
the certificate or adding it to a database. Express the offset in integers,
@@ -306,24 +314,17 @@ The key and certificate management process generally begins with creating keys i
<varlistentry>
<term>-x </term>
- <listitem><para>Use the Certificate Database Tool to generate the signature
- for a certificate being created or added to a database, rather than obtaining
- a signature from a separate CA.</para></listitem>
+ <listitem><para>Use <command>certutil</command> to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.</para></listitem>
</varlistentry>
<varlistentry>
- <term>-y xxxxxxx</term>
- <listitem><para>Set an alternate exponent value to use in generating
- a new RSA public key for the database, instead of the default value of 65537.
- The available alternate values are 3 and 17.</para></listitem>
+ <term>-y exp</term>
+ <listitem><para>Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.</para></listitem>
</varlistentry>
<varlistentry>
<term>-z noise-file</term>
- <listitem><para>Read a seed value from the specified binary file to
- use in generating a new RSA private and public key pair. This argument
- makes it possible to use hardware-generated seed values and unnecessary
- to manually create a value from the keyboard. The minimum file size is 20 bytes.</para></listitem>
+ <listitem><para>Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.</para></listitem>
</varlistentry>
<varlistentry>
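Review bot: The rewritten -z description changes the meaning of the original. The removed text said the noise file makes it "unnecessary to manually create a value from the keyboard"; the new text says the argument makes it possible to "use hardware-generated seed values or manually create a value from the keyboard", which reads as if -z enables keyboard input. Restore the sense that supplying a seed file replaces the keyboard prompt. The rewrite also drops "binary" from the file description and "RSA" from the key pair; if both removals are deliberate, say so in the commit message, since "continuing edits" gives no reason for either.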