1 files changed, 6 insertions, 6 deletions

diff --git a/certutil.xml b/certutil.xml
index 734003a..d0e04e9 100644
--- a/certutil.xml
+++ b/certutil.xml
@@ -94,7 +94,7 @@ When you delete keys, be sure to also remove any certificates associated with th
 
       <varlistentry>
         <term>-K </term>
-        <listitem><para>List the keyID of keys in the key database. A keyID is the modulus of the RSA key or the publicValue of the DSA key. IDs are displayed in hexadecimal ("0x" is not shown).</para></listitem>
+        <listitem><para>List the key ID of keys in the key database. A key ID is the modulus of the RSA key or the publicValue of the DSA key. IDs are displayed in hexadecimal ("0x" is not shown).</para></listitem>
       </varlistentry>
 
       <varlistentry>
@@ -414,7 +414,7 @@ the default and create a validity period of one month.</para></listitem>
 
       <varlistentry>
         <term>-3 </term>
-        <listitem><para>Add an authority keyID extension to a certificate that is being created or added to a database. This extension supports the identification of a particular certificate, from among multiple certificates associated with one subject name, as the correct issuer of a certificate. The Certificate Database Tool will prompt you to select the authority keyID extension.</para>
+        <listitem><para>Add an authority key ID extension to a certificate that is being created or added to a database. This extension supports the identification of a particular certificate, from among multiple certificates associated with one subject name, as the correct issuer of a certificate. The Certificate Database Tool will prompt you to select the authority key ID extension.</para>
 <para>X.509 certificate extensions are described in RFC 5280.</para></listitem>
       </varlistentry>
 
@@ -589,7 +589,7 @@ the default and create a validity period of one month.</para></listitem>
 		The <option>-R</option> command options requires four arguments:
 	</para>
 	<para>
-		* <option>-k</option> to specify either the key type to generate or, when renewing a certificate, the exisitng key pair to use
+		* <option>-k</option> to specify either the key type to generate or, when renewing a certificate, the existing key pair to use
 	</para>
 	<para>
 		* <option>-g</option> to set the keysize of the key to generate
@@ -661,7 +661,7 @@ qmtyQNjIi1F8c1Z+TL4uFYlMg8z6LG/J/u1E5t1QqB5e9Q4+BhRbrQjRR1JZx3tB
 	<para>
 		Key pairs are generated automatically with a certificate request or certificate, but they can also be generated independently using the <option>-G</option> command option. 
 	</para>
-<programlisting language="Bash">certutil -G -d directory | -h tokenname -k key-type -g key-size [-y exponent-value] -q pgfile|curve-name</programlisting>
+<programlisting language="Bash">certutil -G -d directory | -h tokenname -k key-type -g key-size [-y exponent-value] -q pqgfile|curve-name</programlisting>
 	<para>
 		For example:
 	</para>
@@ -710,7 +710,7 @@ nI7q5n1USM3eWQlVXw==
 
 	<para><command>Listing Keys</command></para>
 	<para>
-		Keys are the orignal material used to encrypt certificate data. The keys generated for certificates are stored separately, in the <filename>key3.db</filename> database. 
+		Keys are the original material used to encrypt certificate data. The keys generated for certificates are stored separately, in the <filename>key3.db</filename> database. 
 	</para>
 	<para>
 		To list all keys in the database, use the <option>-K</option> command option and the (required) <option>-d</option> argument to give the path to the directory.
@@ -791,7 +791,7 @@ certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and
 
 	<para><command>Printing the Certificate Chain</command></para>
 	<para>
-		Certificates can be issued in <emphasis>chains</emphasis> because every certificate authority itself has a certificate; when a CA issues a certificate, it essentially stamps that certificate with its own fingerprint. The <option>-O</option> prints the full chain of a certificate, going from the intial CA (the root CA) through ever intermediary CA to the actual certificate. For example, for an email certificate with two CAs in the chain:
+		Certificates can be issued in <emphasis>chains</emphasis> because every certificate authority itself has a certificate; when a CA issues a certificate, it essentially stamps that certificate with its own fingerprint. The <option>-O</option> prints the full chain of a certificate, going from the initial CA (the root CA) through ever intermediary CA to the actual certificate. For example, for an email certificate with two CAs in the chain:
 	</para>
 <programlisting language="Bash">$ certutil -d . -O -n "jsmith@example.com"
 "Builtin Object Token:Thawte Personal Freemail CA" [E=personal-freemail@thawte.com,CN=Thawte Personal Freemail CA,OU=Certification Services Division,O=Thawte Consulting,L=Cape Town,ST=Western Cape,C=ZA]