Blob Blame Raw
From f5b4420f01272f14416558286c66511b1e35816d Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 14 May 2020 14:37:31 -0400
Subject: [PATCH 43/43] Add long options to command-line help

The command-line help mostly consisted of only the short options.
Add the long-option and clean up some of the output.

https://bugzilla.redhat.com/show_bug.cgi?id=1782838
---
 src/getcert.c | 536 ++++++++++++++++++++++++++++++++------------------
 src/scep.c    |   2 +-
 2 files changed, 345 insertions(+), 193 deletions(-)

diff --git a/src/getcert.c b/src/getcert.c
index 5c8dc94..84e0bf3 100644
--- a/src/getcert.c
+++ b/src/getcert.c
@@ -4864,50 +4864,90 @@ help(const char *twopartcmd, const char *category)
 		"\n",
 		N_("Required arguments:\n"),
 		N_("* If using an NSS database for storage:\n"),
-		N_("  -d DIR	NSS database for key and cert\n"),
-		N_("  -n NAME	nickname for NSS-based storage (only valid with -d)\n"),
-		N_("  -t NAME	optional token name for NSS-based storage (only valid with -d)\n"),
+		N_("  -d DIR, --dbdir=DIR	NSS database for key and cert\n"),
+		N_("  -n NAME, --nickname NAME\n"),
+		N_("			nickname for NSS-based storage (only valid with -d)\n"),
+		N_("  -t NAME, --token=NAME	optional token name for NSS-based storage\n"),
+		N_("			(only valid with -d)\n"),
 		N_("* If using files for storage:\n"),
-		N_("  -k FILE	PEM file for private key\n"),
-		N_("  -f FILE	PEM file for certificate (only valid with -k)\n"),
+		N_("  -k FILE, --keyfile=FILE\n"),
+		N_("			PEM file for private key\n"),
+		N_("  -f FILE, --certfile=FILE\n"),
+		N_("			PEM file for certificate (only valid with -k)\n"),
 		N_("* If keys are to be encrypted:\n"),
-		N_("  -p FILE	file which holds the encryption PIN\n"),
-		N_("  -P PIN	PIN value\n"),
+		N_("  -p FILE, --pinfile=FILE\n"),
+		N_("			file which holds the encryption PIN\n"),
+		N_("  -P PIN, --pin=PIN	PIN value\n"),
 		"\n",
 		N_("Optional arguments:\n"),
 		N_("* Certificate handling settings:\n"),
-		N_("  -I NAME	nickname to assign to the request\n"),
-		N_("  -G TYPE	type of key to be generated if one is not already in place\n"),
-		N_("  -g SIZE	size of key to be generated if one is not already in place\n"),
-		N_("  -r		attempt to renew the certificate when expiration nears (default)\n"),
-		N_("  -R		don't attempt to renew the certificate when expiration nears\n"),
+		N_("  -I NAME, --new-id=NAME\n"),
+		N_("			new nickname to give to tracking request\n"),
+		N_("  -G TYPE, --key-type=TYPE\n"),
+		N_("			type of key to be generated if one is not already\n"),
+		N_("			in place\n"),
+		N_("  -g BITS, --key-size=BITS\n"),
+		N_("			size of key to be generated if one is not already\n"),
+		N_("			in place\n"),
+		N_("  -r, --renew		attempt to renew the certificate when\n"),
+		N_("			expiration nears (default)\n"),
+		N_("  -R, --no-renew	don't attempt to renew the certificate when\n"),
+		N_("			expiration nears\n"),
 #ifndef FORCE_CA
-		N_("  -c CA		use the specified CA rather than the default\n"),
+		N_("  -c CA, --ca=NAME	use the specified CA rather than the default\n"),
 #endif
-		N_("  -T PROFILE	ask the CA to process the request using the named profile or template\n"),
+		N_("  -T PROFILE, --profile=NAME\n"),
+		N_("			ask the CA to process the request using the\n"),
+		N_("			named profile or template\n"),
 		N_("  --ms-template-spec SPEC\n"),
-		N_("	 include V2 template specifier in CSR (format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"),
-		N_("  -X ISSUER	ask the CA to process the request using the named issuer\n"),
+		N_("	 		include V2 template specifier in CSR\n"),
+		N_("			(format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"),
+		N_("  -X ISSUER, --issuer=ISSUER\n"),
+		N_("			ask the CA to process the request using the\n"),
+		N_("			named issuer\n"),
 		N_("* Parameters for the signing request:\n"),
-		N_("  -N NAME	set requested subject name (default: CN=<hostname>)\n"),
-		N_("  -U EXTUSAGE	set requested extended key usage OID\n"),
-		N_("  -u KEYUSAGE	set requested key usage value\n"),
-		N_("  -K NAME	set requested principal name\n"),
-		N_("  -D DNSNAME	set requested DNS name\n"),
-		N_("  -E EMAIL	set requested email address\n"),
-		N_("  -A ADDRESS	set requested IP address\n"),
-		N_("  -l FILE	file which holds an optional challenge password\n"),
-		N_("  -L PASSWORD	an optional challenge password value\n"),
+		N_("  -N NAME, --subject-name=NAME\n"),
+		N_("			set requested subject name (default: CN=<hostname>)\n"),
+		N_("  -U EXTUSAGE, --extended-key-usage=EXTUSAGE\n"),
+		N_("			override requested extended key usage OID\n"),
+		N_("  -u KEYUSAGE, --key-usage=KEYUSAGE\n"),
+		N_("			set requested key usage value\n"),
+		N_("  -K NAME, --principal=NAME\n"),
+		N_("			override requested principal name\n"),
+		N_("  -D DNSNAME, --dns=DNSNAME\n"),
+		N_("			override requested DNS name\n"),
+		N_("  -E EMAIL, --email=EMAIL\n"),
+		N_("			override requested email address\n"),
+		N_("  -A ADDRESS, --ip-address=ADDRESS\n"),
+		N_("			override requested IP address\n"),
+		N_("  -l FILE, --challenge-password-file=FILE\n"),
+		N_("			file which holds an optional challenge password\n"),
+		N_("  -L PASSWORD, --challenge-password=PASSWORD\n"),
+		N_("			an optional challenge password value\n"),
 		N_("* Bus options:\n"),
-		N_("  -S		connect to the certmonger service on the system bus\n"),
-		N_("  -s		connect to the certmonger service on the session bus\n"),
+		N_("  -S, --system		connect to the certmonger service on the system bus\n"),
+		N_("  -s, --session		connect to the certmonger service on the session bus\n"),
 		N_("* Other options:\n"),
-		N_("  -B	command to run before saving the certificate\n"),
-		N_("  -C	command to run after saving the certificate\n"),
-		N_("  -F	file in which to store the CA's certificates\n"),
-		N_("  -a	NSS database in which to store the CA's certificates\n"),
-		N_("  -w	try to wait for the certificate to be issued\n"),
-		N_("  -v	report all details of errors\n"),
+		N_("  -B COMMAND, --before-command=COMMAND\n"),
+		N_("			command to run before saving the certificate\n"),
+		N_("  -C COMMAND, --after-command=COMMAND\n"),
+		N_("			command to run after saving the certificate\n"),
+		N_("  -F FILE, --ca-file=FILE\n"),
+		N_("			file in which to store the CA's certificates\n"),
+		N_("  -a DIR, --ca-dbdir=DIR\n"),
+		N_("			NSS database in which to store the CA's certificates\n"),
+		N_("  -w, --wait		try to wait for the certificate to be issued\n"),
+		N_("  --wait-timeout TIMEOUT\n"),
+		N_("			Maximum time to wait for the certificateto be issued\n"),
+		N_("  -v, --verbose		report all details of errors\n"),
+		N_("  -o OWNER, --key-owner=OWNER\n"),
+		N_("			owner information for private key\n"),
+		N_("  -m MODE, --key-perms=MODE\n"),
+		N_("			file permissions for private key\n"),
+		N_("  -O OWNER, --cert-owner=OWNER\n"),
+		N_("			owner information for certificate\n"),
+		N_("  -M MODE, --cert-perms=MODE\n"),
+		N_("			file permissions for certificate\n"),
 		NULL,
 	};
 	const char *start_tracking_help[] = {
@@ -4915,49 +4955,84 @@ help(const char *twopartcmd, const char *category)
 		"\n",
 		N_("Required arguments:\n"),
 		N_("* If modifying an existing request:\n"),
-		N_("  -i NAME	nickname of an existing tracking request\n"),
+		N_("  -i NAME, --id=NAME	nickname of an existing tracking request\n"),
 		N_("* If using an NSS database for storage:\n"),
-		N_("  -d DIR	NSS database for key and cert\n"),
-		N_("  -n NAME	nickname for NSS-based storage (only valid with -d)\n"),
-		N_("  -t NAME	optional token name for NSS-based storage (only valid with -d)\n"),
+		N_("  -d DIR, --dbdir=DIR	NSS database for key and cert\n"),
+		N_("  -n NAME, --nickname NAME\n"),
+		N_("			nickname for NSS-based storage (only valid with -d)\n"),
+		N_("  -t NAME, --token=NAME	optional token name for NSS-based storage\n"),
+		N_("			(only valid with -d)\n"),
 		N_("* If using files for storage:\n"),
-		N_("  -k FILE	PEM file for private key\n"),
-		N_("  -f FILE	PEM file for certificate (only valid with -k)\n"),
+		N_("  -k FILE, --keyfile=FILE\n"),
+		N_("			PEM file for private key\n"),
+		N_("  -f FILE, --certfile=FILE\n"),
+		N_("			PEM file for certificate (only valid with -k)\n"),
 		N_("* If keys are encrypted:\n"),
-		N_("  -p FILE	file which holds the encryption PIN\n"),
-		N_("  -P PIN	PIN value\n"),
+		N_("  -p FILE, --pinfile=FILE\n"),
+		N_("			file which holds the encryption PIN\n"),
+		N_("  -P PIN, --pin=PIN	PIN value\n"),
 		"\n",
 		N_("Optional arguments:\n"),
 		N_("* Certificate handling settings:\n"),
-		N_("  -I NAME	nickname to give to tracking request\n"),
-		N_("  -r		attempt to renew the certificate when expiration nears (default)\n"),
-		N_("  -R		don't attempt to renew the certificate when expiration nears\n"),
+		N_("  -I NAME, --new-id=NAME\n"),
+		N_("			nickname to give to tracking request\n"),
+		N_("  -r, --renew		attempt to renew the certificate when\n"),
+		N_("			expiration nears (default)\n"),
+		N_("  -R, --no-renew	don't attempt to renew the certificate when\n"),
+		N_("			expiration nears\n"),
 #ifndef FORCE_CA
-		N_("  -c CA		use the specified CA rather than the default\n"),
+		N_("  -c CA, --ca=NAME	use the specified CA rather than the default\n"),
 #endif
-		N_("  -T PROFILE	ask the CA to process the request using the named profile or template\n"),
+		N_("  -T PROFILE, --profile=NAME\n"),
+		N_("			ask the CA to process the request using the\n"),
+		N_("			named profile or template\n"),
 		N_("  --ms-template-spec SPEC\n"),
-		N_("	 include V2 template specifier in CSR (format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"),
-		N_("  -X ISSUER	ask the CA to process the request using the named issuer\n"),
+		N_("	 		include V2 template specifier in CSR\n"),
+		N_("			(format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"),
+		N_("  -X ISSUER, --issuer=ISSUER\n"),
+		N_("			ask the CA to process the request using the\n"),
+		N_("			named issuer\n"),
 		N_("* Parameters for the signing request at renewal time:\n"),
-		N_("  -U EXTUSAGE	override requested extended key usage OID\n"),
-		N_("  -u KEYUSAGE	set requested key usage value\n"),
-		N_("  -K NAME	override requested principal name\n"),
-		N_("  -D DNSNAME	override requested DNS name\n"),
-		N_("  -E EMAIL	override requested email address\n"),
-		N_("  -A ADDRESS	override requested IP address\n"),
-		N_("  -l FILE	file which holds an optional challenge password\n"),
-		N_("  -L PASSWORD	an optional challenge password value\n"),
+		N_("  -U EXTUSAGE, --extended-key-usage=EXTUSAGE\n"),
+		N_("			override requested extended key usage OID\n"),
+		N_("  -u KEYUSAGE, --key-usage=KEYUSAGE\n"),
+		N_("			set requested key usage value\n"),
+		N_("  -K NAME, --principal=NAME\n"),
+		N_("			override requested principal name\n"),
+		N_("  -D DNSNAME, --dns=DNSNAME\n"),
+		N_("			override requested DNS name\n"),
+		N_("  -E EMAIL, --email=EMAIL\n"),
+		N_("			override requested email address\n"),
+		N_("  -A ADDRESS, --ip-address=ADDRESS\n"),
+		N_("			override requested IP address\n"),
+		N_("  -l FILE, --challenge-password-file=FILE\n"),
+		N_("			file which holds an optional challenge password\n"),
+		N_("  -L PASSWORD, --challenge-password=PASSWORD\n"),
+		N_("			an optional challenge password value\n"),
 		N_("* Bus options:\n"),
-		N_("  -S		connect to the certmonger service on the system bus\n"),
-		N_("  -s		connect to the certmonger service on the session bus\n"),
+		N_("  -S, --system		connect to the certmonger service on the system bus\n"),
+		N_("  -s, --session		connect to the certmonger service on the session bus\n"),
 		N_("* Other options:\n"),
-		N_("  -B	command to run before saving the certificate\n"),
-		N_("  -C	command to run after saving the certificate\n"),
-		N_("  -F	file in which to store the CA's certificates\n"),
-		N_("  -a	NSS database in which to store the CA's certificates\n"),
-		N_("  -w	try to wait for the certificate to be issued\n"),
-		N_("  -v	report all details of errors\n"),
+		N_("  -B COMMAND, --before-command=COMMAND\n"),
+		N_("			command to run before saving the certificate\n"),
+		N_("  -C COMMAND, --after-command=COMMAND\n"),
+		N_("			command to run after saving the certificate\n"),
+		N_("  -F FILE, --ca-file=FILE\n"),
+		N_("			file in which to store the CA's certificates\n"),
+		N_("  -a DIR, --ca-dbdir=DIR\n"),
+		N_("			NSS database in which to store the CA's certificates\n"),
+		N_("  -w, --wait		try to wait for the certificate to be issued\n"),
+		N_("  --wait-timeout TIMEOUT\n"),
+		N_("			Maximum time to wait for the certificateto be issued\n"),
+		N_("  -v, --verbose		report all details of errors\n"),
+		N_("  -o OWNER, --key-owner=OWNER\n"),
+		N_("			owner information for private key\n"),
+		N_("  -m MODE, --key-perms=MODE\n"),
+		N_("			file permissions for private key\n"),
+		N_("  -O OWNER, --cert-owner=OWNER\n"),
+		N_("			owner information for certificate\n"),
+		N_("  -M MODE, --cert-perms=MODE\n"),
+		N_("			file permissions for certificate\n"),
 		NULL,
 	};
 	const char *stop_tracking_help[] = {
@@ -4965,21 +5040,24 @@ help(const char *twopartcmd, const char *category)
 		"\n",
 		N_("Required arguments:\n"),
 		N_("* By request identifier:\n"),
-		N_("  -i NAME	nickname for tracking request\n"),
+		N_("  -i NAME, --id=NAME	nickname for tracking request\n"),
 		N_("* If using an NSS database for storage:\n"),
-		N_("  -d DIR	NSS database for key and cert\n"),
-		N_("  -n NAME	nickname for NSS-based storage (only valid with -d)\n"),
-		N_("  -t NAME	optional token name for NSS-based storage (only valid with -d)\n"),
+		N_("  -d DIR, --dbdir=DIR	NSS database for key and cert\n"),
+		N_("  -n NAME, --nickname NAME\n"),
+		N_("			nickname for NSS-based storage (only valid with -d)\n"),
 		N_("* If using files for storage:\n"),
-		N_("  -k FILE	PEM file for private key\n"),
-		N_("  -f FILE	PEM file for certificate (only valid with -k)\n"),
+		N_("  -k FILE, --keyfile=FILE\n"),
+		N_("			PEM file for private key\n"),
+		N_("  -f FILE, --certfile=FILE\n"),
+		N_("			PEM file for certificate (only valid with -k)\n"),
 		"\n",
 		N_("Optional arguments:\n"),
 		N_("* Bus options:\n"),
-		N_("  -S		connect to the certmonger service on the system bus\n"),
-		N_("  -s		connect to the certmonger service on the session bus\n"),
+		N_("  -S, --system		connect to the certmonger service on the system bus\n"),
+		N_("  -s, --session		connect to the certmonger service on the session bus\n"),
+		"\n",
 		N_("* Other options:\n"),
-		N_("  -v	report all details of errors\n"),
+		N_("  -v, --verbose		report all details of errors\n"),
 		NULL,
 	};
 	const char *resubmit_help[] = {
@@ -4987,49 +5065,81 @@ help(const char *twopartcmd, const char *category)
 		"\n",
 		N_("Required arguments:\n"),
 		N_("* By request identifier:\n"),
-		N_("  -i NAME	nickname for tracking request\n"),
+		N_("  -i NAME, --id=NAME	nickname for tracking request\n"),
 		N_("* If using an NSS database for storage:\n"),
-		N_("  -d DIR	NSS database for key and cert\n"),
-		N_("  -n NAME	nickname for NSS-based storage (only valid with -d)\n"),
-		N_("  -t NAME	optional token name for NSS-based storage (only valid with -d)\n"),
+		N_("  -d DIR, --dbdir=DIR	NSS database for key and cert\n"),
+		N_("  -n NAME, --nickname NAME\n"),
+		N_("			nickname for NSS-based storage (only valid with -d)\n"),
+		N_("  -t NAME, --token=NAME	optional token name for NSS-based storage\n"),
+		N_("			(only valid with -d)\n"),
 		N_("* If using files for storage:\n"),
 		N_("  -f FILE	PEM file for certificate\n"),
 		"\n",
 		N_("* If keys are encrypted:\n"),
-		N_("  -p FILE	file which holds the encryption PIN\n"),
-		N_("  -P PIN	PIN value\n"),
+		N_("  -p FILE, --pinfile=FILE\n"),
+		N_("			file which holds the encryption PIN\n"),
+		N_("  -P PIN, --pin=PIN	PIN value\n"),
 		"\n",
 		N_("* New parameter values for the signing request:\n"),
-		N_("  -N NAME	set requested subject name (default: CN=<hostname>)\n"),
-		N_("  -U EXTUSAGE	set requested extended key usage OID\n"),
-		N_("  -u KEYUSAGE	set requested key usage value\n"),
-		N_("  -K NAME	set requested principal name\n"),
-		N_("  -D DNSNAME	set requested DNS name\n"),
-		N_("  -E EMAIL	set requested email address\n"),
-		N_("  -A ADDRESS	set requested IP address\n"),
-		N_("  -l FILE	file which holds an optional challenge password\n"),
-		N_("  -L PASSWORD	an optional challenge password value\n"),
+		N_("  -N NAME, --subject-name=NAME\n"),
+		N_("			set requested subject name (default: CN=<hostname>)\n"),
+		N_("  -U EXTUSAGE, --extended-key-usage=EXTUSAGE\n"),
+		N_("			override requested extended key usage OID\n"),
+		N_("  -u KEYUSAGE, --key-usage=KEYUSAGE\n"),
+		N_("			set requested key usage value\n"),
+		N_("  -K NAME, --principal=NAME\n"),
+		N_("			override requested principal name\n"),
+		N_("  -D DNSNAME, --dns=DNSNAME\n"),
+		N_("			override requested DNS name\n"),
+		N_("  -E EMAIL, --email=EMAIL\n"),
+		N_("			override requested email address\n"),
+		N_("  -A ADDRESS, --ip-address=ADDRESS\n"),
+		N_("			override requested IP address\n"),
+		N_("  -l FILE, --challenge-password-file=FILE\n"),
+		N_("			file which holds an optional challenge password\n"),
+		N_("  -L PASSWORD, --challenge-password=PASSWORD\n"),
+		N_("			an optional challenge password value\n"),
 		"\n",
 		N_("Optional arguments:\n"),
 		N_("* Certificate handling settings:\n"),
-		N_("  -I NAME	new nickname to give to tracking request\n"),
+		N_("  -I NAME, --new-id=NAME\n"),
+		N_("			nickname to give to tracking request\n"),
 #ifndef FORCE_CA
-		N_("  -c CA		use the specified CA rather than the current one\n"),
+		N_("  -c CA, --ca=NAME	use the specified CA rather than the default\n"),
 #endif
-		N_("  -T PROFILE	ask the CA to process the request using the named profile or template\n"),
+		N_("  -T PROFILE, --profile=NAME\n"),
+		N_("			ask the CA to process the request using the\n"),
+		N_("			named profile or template\n"),
 		N_("  --ms-template-spec SPEC\n"),
-		N_("	 include V2 template specifier in CSR (format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"),
-		N_("  -X ISSUER	ask the CA to process the request using the named issuer\n"),
+		N_("	 		include V2 template specifier in CSR\n"),
+		N_("			(format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"),
+		N_("  -X ISSUER, --issuer=ISSUER\n"),
+		N_("			ask the CA to process the request using the\n"),
+		N_("			named issuer\n"),
 		N_("* Bus options:\n"),
-		N_("  -S		connect to the certmonger service on the system bus\n"),
-		N_("  -s		connect to the certmonger service on the session bus\n"),
+		N_("  -S, --system		connect to the certmonger service on the system bus\n"),
+		N_("  -s, --session		connect to the certmonger service on the session bus\n"),
 		N_("* Other options:\n"),
-		N_("  -B	command to run before saving the certificate\n"),
-		N_("  -C	command to run after saving the certificate\n"),
-		N_("  -F	file in which to store the CA's certificates\n"),
-		N_("  -a	NSS database in which to store the CA's certificates\n"),
-		N_("  -w	try to wait for the certificate to be issued\n"),
-		N_("  -v	report all details of errors\n"),
+		N_("  -B COMMAND, --before-command=COMMAND\n"),
+		N_("			command to run before saving the certificate\n"),
+		N_("  -C COMMAND, --after-command=COMMAND\n"),
+		N_("			command to run after saving the certificate\n"),
+		N_("  -F FILE, --ca-file=FILE\n"),
+		N_("			file in which to store the CA's certificates\n"),
+		N_("  -a DIR, --ca-dbdir=DIR\n"),
+		N_("			NSS database in which to store the CA's certificates\n"),
+		N_("  -w, --wait		try to wait for the certificate to be issued\n"),
+		N_("  --wait-timeout TIMEOUT\n"),
+		N_("			Maximum time to wait for the certificateto be issued\n"),
+		N_("  -v, --verbose		report all details of errors\n"),
+		N_("  -o OWNER, --key-owner=OWNER\n"),
+		N_("			owner information for private key\n"),
+		N_("  -m MODE, --key-perms=MODE\n"),
+		N_("			file permissions for private key\n"),
+		N_("  -O OWNER, --cert-owner=OWNER\n"),
+		N_("			owner information for certificate\n"),
+		N_("  -M MODE, --cert-perms=MODE\n"),
+		N_("			file permissions for certificate\n"),
 		NULL,
 	};
 	const char *rekey_help[] = {
@@ -5037,51 +5147,80 @@ help(const char *twopartcmd, const char *category)
 		"\n",
 		N_("Required arguments:\n"),
 		N_("* By request identifier:\n"),
-		N_("  -i NAME	nickname for tracking request\n"),
+		N_("  -i NAME, --id=NAME	nickname for tracking request\n"),
 		N_("* If using an NSS database for storage:\n"),
-		N_("  -d DIR	NSS database for key and cert\n"),
-		N_("  -n NAME	nickname for NSS-based storage (only valid with -d)\n"),
-		N_("  -t NAME	optional token name for NSS-based storage (only valid with -d)\n"),
+		N_("  -d DIR, --dbdir=DIR	NSS database for key and cert\n"),
+		N_("  -n NAME, --nickname NAME\n"),
+		N_("			nickname for NSS-based storage (only valid with -d)\n"),
+		N_("  -t NAME, --token=NAME	optional token name for NSS-based storage\n"),
+		N_("			(only valid with -d)\n"),
 		N_("* If using files for storage:\n"),
-		N_("  -f FILE	PEM file for certificate\n"),
+		N_("  -f FILE, --certfile=FILE\n"),
+		N_("			PEM file for certificate\n"),
 		"\n",
 		N_("* If keys are encrypted:\n"),
-		N_("  -p FILE	file which holds the encryption PIN\n"),
-		N_("  -P PIN	PIN value\n"),
+		N_("  -p FILE, --pinfile=FILE\n"),
+		N_("			file which holds the encryption PIN\n"),
+		N_("  -P PIN, --pin=PIN	PIN value\n"),
 		"\n",
 		N_("* New parameter values for the signing request:\n"),
-		N_("  -N NAME	set requested subject name (default: CN=<hostname>)\n"),
-		N_("  -U EXTUSAGE	set requested extended key usage OID\n"),
-		N_("  -u KEYUSAGE	set requested key usage value\n"),
-		N_("  -K NAME	set requested principal name\n"),
-		N_("  -D DNSNAME	set requested DNS name\n"),
-		N_("  -E EMAIL	set requested email address\n"),
-		N_("  -A ADDRESS	set requested IP address\n"),
-		N_("  -l FILE	file which holds an optional challenge password\n"),
-		N_("  -L PASSWORD	an optional challenge password value\n"),
+		N_("  -N NAME, --subject-name=NAME\n"),
+		N_("			set requested subject name (default: CN=<hostname>)\n"),
+		N_("  -U EXTUSAGE, --extended-key-usage=EXTUSAGE\n"),
+		N_("			override requested extended key usage OID\n"),
+		N_("  -u KEYUSAGE, --key-usage=KEYUSAGE\n"),
+		N_("			set requested key usage value\n"),
+		N_("  -K NAME, --principal=NAME\n"),
+		N_("			override requested principal name\n"),
+		N_("  -D DNSNAME, --dns=DNSNAME\n"),
+		N_("			override requested DNS name\n"),
+		N_("  -E EMAIL, --email=EMAIL\n"),
+		N_("			override requested email address\n"),
+		N_("  -A ADDRESS, --ip-address=ADDRESS\n"),
+		N_("			override requested IP address\n"),
+		N_("  -l FILE, --challenge-password-file=FILE\n"),
+		N_("			file which holds an optional challenge password\n"),
+		N_("  -L PASSWORD, --challenge-password=PASSWORD\n"),
+		N_("			an optional challenge password value\n"),
 		"\n",
 		N_("Optional arguments:\n"),
 		N_("* Certificate handling settings:\n"),
-		N_("  -I NAME	new nickname to give to tracking request\n"),
+		N_("  -I NAME, --new-id=NAME\n"),
+		N_("			new nickname to give to tracking request\n"),
 #ifndef FORCE_CA
-		N_("  -c CA		use the specified CA rather than the current one\n"),
+		N_("  -c CA, --ca=NAME	use the specified CA rather than the default\n"),
 #endif
-		N_("  -T PROFILE	ask the CA to process the request using the named profile or template\n"),
+		N_("  -T PROFILE, --profile=NAME\n"),
+		N_("			ask the CA to process the request using the\n"),
+		N_("			named profile or template\n"),
 		N_("  --ms-template-spec SPEC\n"),
-		N_("	 include V2 template specifier in CSR (format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"),
-		N_("  -X ISSUER	ask the CA to process the request using the named issuer\n"),
-		N_("  -G TYPE	type of new key to be generated\n"),
-		N_("  -g SIZE	size of new key to be generated\n"),
+		N_("	 		include V2 template specifier in CSR\n"),
+		N_("			(format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"),
+		N_("  -X ISSUER, --issuer=ISSUER\n"),
+		N_("			ask the CA to process the request using the\n"),
+		N_("			named issuer\n"),
+		N_("  -G TYPE, --key-type=TYPE\n"),
+		N_("			type of key to be generated if one is not already\n"),
+		N_("			in place\n"),
+		N_("  -g BITS, --key-size=BITS\n"),
+		N_("			size of key to be generated if one is not already\n"),
+		N_("			in place\n"),
 		N_("* Bus options:\n"),
-		N_("  -S		connect to the certmonger service on the system bus\n"),
-		N_("  -s		connect to the certmonger service on the session bus\n"),
+		N_("  -S, --system		connect to the certmonger service on the system bus\n"),
+		N_("  -s, --session		connect to the certmonger service on the session bus\n"),
 		N_("* Other options:\n"),
-		N_("  -B	command to run before saving the certificate\n"),
-		N_("  -C	command to run after saving the certificate\n"),
-		N_("  -F	file in which to store the CA's certificates\n"),
-		N_("  -a	NSS database in which to store the CA's certificates\n"),
-		N_("  -w	try to wait for the certificate to be issued\n"),
-		N_("  -v	report all details of errors\n"),
+		N_("  -B COMMAND, --before-command=COMMAND\n"),
+		N_("			command to run before saving the certificate\n"),
+		N_("  -C COMMAND, --after-command=COMMAND\n"),
+		N_("			command to run after saving the certificate\n"),
+		N_("  -F FILE, --ca-file=FILE\n"),
+		N_("			file in which to store the CA's certificates\n"),
+		N_("  -a DIR, --ca-dbdir=DIR\n"),
+		N_("			NSS database in which to store the CA's certificates\n"),
+		N_("  -w, --wait		try to wait for the certificate to be issued\n"),
+		N_("  --wait-timeout TIMEOUT\n"),
+		N_("			Maximum time to wait for the certificateto be issued\n"),
+		N_("  -v, --verbose		report all details of errors\n"),
 		NULL,
 	};
 	const char *list_help[] = {
@@ -5090,46 +5229,52 @@ help(const char *twopartcmd, const char *category)
 		N_("Optional arguments:\n"),
 		N_("* General options:\n"),
 #ifndef FORCE_CA
-		N_("  -c CA	list only requests and certs associated with this CA\n"),
+		N_("  -c CA, --ca=NAME	use the specified CA rather than the default\n"),
 #endif
-		N_("  -r	list only information about outstanding requests\n"),
-		N_("  -t	list only information about tracked certificates\n"),
-		N_("  -u	display times in UTC instead of local time\n"),
+		N_("  -r, --requests-only	list only information about outstanding requests\n"),
+		N_("  -t, --tracking-only	list only information about tracked certificates\n"),
+		N_("  -u, --utc		display times in UTC instead of local time\n"),
 		N_("* If selecting a specific request:\n"),
-		N_("  -i NAME	nickname for tracking request\n"),
+		N_("  -i NAME, --id=NAME	nickname for tracking request\n"),
 		N_("* If using an NSS database for storage:\n"),
-		N_("  -d DIR	only list requests and certs which use this NSS database\n"),
-		N_("  -n NAME	only list requests and certs which use this nickname\n"),
+		N_("  -d DIR, --dbdir=DIR	NSS database for key and cert\n"),
+		N_("  -n NAME, --nickname NAME\n"),
+		N_("			nickname for NSS-based storage (only valid with -d)\n"),
 		N_("* If using files for storage:\n"),
-		N_("  -f FILE	only list requests and certs stored in this PEM file\n"),
+		N_("  -f FILE, --certfile=FILE\n"),
+		N_("			only list requests and certs stored in this PEM file\n"),
 		N_("* Bus options:\n"),
-		N_("  -S	connect to the certmonger service on the system bus\n"),
-		N_("  -s	connect to the certmonger service on the session bus\n"),
+		N_("  -S, --system		connect to the certmonger service on the system bus\n"),
+		N_("  -s, --session		connect to the certmonger service on the session bus\n"),
 		N_("* Other options:\n"),
-		N_("  -v	report all details of errors\n"),
+		N_("  -v, --verbose		report all details of errors\n"),
 		NULL,
 	};
 	const char *refresh_help[] = {
 		N_("Usage: %s refresh [options]\n"),
 		"\n",
 		N_("* General options:\n"),
-		N_("  -a	refresh information about all outstanding requests\n"),
+		N_("  -a, --all		refresh information about all outstanding requests\n"),
 		"\n",
 		N_("Required arguments:\n"),
 		N_("* By request identifier:\n"),
-		N_("  -i NAME	nickname for tracking request\n"),
+		N_("  -i NAME, --id=NAME	nickname for tracking request\n"),
 		N_("* If using an NSS database for storage:\n"),
-		N_("  -d DIR	NSS database for key and cert\n"),
-		N_("  -n NAME	nickname for NSS-based storage (only valid with -d)\n"),
-		N_("  -t NAME	optional token name for NSS-based storage (only valid with -d)\n"),
+		N_("  -d DIR, --dbdir=DIR	NSS database for key and cert\n"),
+		N_("  -n NAME, --nickname NAME\n"),
+		N_("			nickname for NSS-based storage (only valid with -d)\n"),
+		N_("  -t NAME, --token=NAME	optional token name for NSS-based storage\n"),
+		N_("			(only valid with -d)\n"),
 		N_("* If using files for storage:\n"),
-		N_("  -f FILE	PEM file for certificate\n"),
+		N_("  -f FILE, --certfile=FILE\n"),
+		N_("			PEM file for certificate\n"),
 		"\n",
 		N_("Optional arguments:\n"),
 		N_("* Bus options:\n"),
-		N_("  -S		connect to the certmonger service on the system bus\n"),
-		N_("  -s		connect to the certmonger service on the session bus\n"),
-		N_("  -v	report all details of errors\n"),
+		N_("  -S, --system		connect to the certmonger service on the system bus\n"),
+		N_("  -s, --session		connect to the certmonger service on the session bus\n"),
+		N_("* Other options:\n"),
+		N_("  -v, --verbose		report all details of errors\n"),
 		NULL,
 	};
 	const char *status_help[] = {
@@ -5137,17 +5282,19 @@ help(const char *twopartcmd, const char *category)
 		"\n",
 		N_("Optional arguments:\n"),
 		N_("* Selecting a specific request:\n"),
-		N_("  -i NAME	nickname for tracking request\n"),
+		N_("  -i NAME, --id=NAME	nickname for tracking request\n"),
 		N_("* When using an NSS database for storage:\n"),
-		N_("  -d DIR	return status for the request in this NSS database\n"),
-		N_("  -n NAME	return status for cert which uses this nickname\n"),
+		N_("  -d DIR, --dbdir=DIR	NSS database for key and cert\n"),
+		N_("  -n NAME, --nickname NAME\n"),
+		N_("			nickname for NSS-based storage (only valid with -d)\n"),
 		N_("* When using files for storage:\n"),
-		N_("  -f FILE	return status for cert stored in this PEM file\n"),
+		N_("  -f FILE, --certfile=FILE\n"),
+		N_("			return status for cert stored in this PEM file\n"),
 		N_("* Bus options:\n"),
-		N_("  -S	connect to the certmonger service on the system bus\n"),
-		N_("  -s	connect to the certmonger service on the session bus\n"),
+		N_("  -S, --system		connect to the certmonger service on the system bus\n"),
+		N_("  -s, --session		connect to the certmonger service on the session bus\n"),
 		N_("* Other options:\n"),
-		N_("  -v	report all details of errors\n"),
+		N_("  -v, --verbose		report all details of errors\n"),
 		NULL,
 	};
 	const char *list_cas_help[] = {
@@ -5156,13 +5303,13 @@ help(const char *twopartcmd, const char *category)
 		N_("Optional arguments:\n"),
 #ifndef FORCE_CA
 		N_("* General options:\n"),
-		N_("  -c CA	list only information about the CA with this name\n"),
+		N_("  -c CA, --ca=NAME	use the specified CA rather than the default\n"),
 #endif
 		N_("* Bus options:\n"),
-		N_("  -S	connect to the certmonger service on the system bus\n"),
-		N_("  -s	connect to the certmonger service on the session bus\n"),
+		N_("  -S, --system		connect to the certmonger service on the system bus\n"),
+		N_("  -s, --session		connect to the certmonger service on the session bus\n"),
 		N_("* Other options:\n"),
-		N_("  -v	report all details of errors\n"),
+		N_("  -v, --verbose		report all details of errors\n"),
 		NULL,
 	};
 	const char *refresh_ca_help[] = {
@@ -5171,14 +5318,14 @@ help(const char *twopartcmd, const char *category)
 		N_("Optional arguments:\n"),
 #ifndef FORCE_CA
 		N_("* General options:\n"),
-		N_("  -c CA	refresh information about the CA with this name\n"),
-		N_("  -a	refresh information about all known CAs\n"),
+		N_("  -c CA, --ca=NAME	use the specified CA rather than the default\n"),
+		N_("  -a, --all		refresh information about all known CAs\n"),
 #endif
 		N_("* Bus options:\n"),
-		N_("  -S	connect to the certmonger service on the system bus\n"),
-		N_("  -s	connect to the certmonger service on the session bus\n"),
+		N_("  -S, --system		connect to the certmonger service on the system bus\n"),
+		N_("  -s, --session		connect to the certmonger service on the session bus\n"),
 		N_("* Other options:\n"),
-		N_("  -v	report all details of errors\n"),
+		N_("  -v, --verbose		report all details of errors\n"),
 		NULL,
 	};
 #ifndef FORCE_CA
@@ -5187,13 +5334,13 @@ help(const char *twopartcmd, const char *category)
 		"\n",
 		N_("Optional arguments:\n"),
 		N_("* General options:\n"),
-		N_("  -c CA		nickname to give to the new CA configuration\n"),
-		N_("  -e CMD	helper command to run to communicate with CA\n"),
+		N_("  -c CA, --ca=NAME	use the specified CA rather than the default\n"),
+		N_("  -e CMD, --command CMD	helper command to run to communicate with CA\n"),
 		N_("* Bus options:\n"),
-		N_("  -S	connect to the certmonger service on the system bus\n"),
-		N_("  -s	connect to the certmonger service on the session bus\n"),
+		N_("  -S, --system		connect to the certmonger service on the system bus\n"),
+		N_("  -s, --session		connect to the certmonger service on the session bus\n"),
 		N_("* Other options:\n"),
-		N_("  -v	report all details of errors\n"),
+		N_("  -v, --verbose		report all details of errors\n"),
 		NULL,
 	};
 	const char *add_scep_ca_help[] = {
@@ -5201,18 +5348,23 @@ help(const char *twopartcmd, const char *category)
 		"\n",
 		N_("Optional arguments:\n"),
 		N_("* General options:\n"),
-		N_("  -c CA		nickname to give to the new CA configuration\n"),
-		N_("  -u URL	location of SCEP server\n"),
-		N_("  -i ID		CA identifier\n"),
-		N_("  -R FILE	file containing CA's certificate\n"),
-		N_("  -r FILE	file containing RA's certificate\n"),
-		N_("  -I FILE	file containing certificates in RA's certifying chain\n"),
-		N_("  -n	prefer not to use the SCEP Renewal feature\n"),
+		N_("  -c CA, --ca=NAME	use the specified CA rather than the default\n"),
+		N_("  -u URL, --URL URL	location of SCEP server\n"),
+		N_("  -i ID, --id ID	CA identifier\n"),
+		N_("  -R FILE, --cacert=FILE\n"),
+		N_("			file containing web server's certificate\n"),
+		N_("  -r FILE, --racert=FILE\n"),
+		N_("			file containing RA's certificate\n"),
+		N_("  -N FILE, --signingca=FILE\n"),
+		N_("			file containing CA's certificate\n"),
+		N_("  -I FILE, --other-certs=FILE\n"),
+		N_("			file containing certificates in RA's certifying chain\n"),
+		N_("  -n, --non-renewal	prefer not to use the SCEP Renewal feature\n"),
 		N_("* Bus options:\n"),
-		N_("  -S	connect to the certmonger service on the system bus\n"),
-		N_("  -s	connect to the certmonger service on the session bus\n"),
+		N_("  -S, --system		connect to the certmonger service on the system bus\n"),
+		N_("  -s, --session		connect to the certmonger service on the session bus\n"),
 		N_("* Other options:\n"),
-		N_("  -v	report all details of errors\n"),
+		N_("  -v, --verbose		report all details of errors\n"),
 		NULL,
 	};
 	const char *modify_ca_help[] = {
@@ -5220,13 +5372,13 @@ help(const char *twopartcmd, const char *category)
 		"\n",
 		N_("Optional arguments:\n"),
 		N_("* General options:\n"),
-		N_("  -c CA		nickname of the CA configuration\n"),
-		N_("  -e CMD	updated helper command to run to communicate with CA\n"),
+		N_("  -c CA, --ca=NAME	use the specified CA rather than the default\n"),
+		N_("  -e CMD, --command CMD	helper command to run to communicate with CA\n"),
 		N_("* Bus options:\n"),
-		N_("  -S	connect to the certmonger service on the system bus\n"),
-		N_("  -s	connect to the certmonger service on the session bus\n"),
+		N_("  -S, --system		connect to the certmonger service on the system bus\n"),
+		N_("  -s, --session		connect to the certmonger service on the session bus\n"),
 		N_("* Other options:\n"),
-		N_("  -v	report all details of errors\n"),
+		N_("  -v, --verbose		report all details of errors\n"),
 		NULL,
 	};
 	const char *remove_ca_help[] = {
@@ -5234,12 +5386,12 @@ help(const char *twopartcmd, const char *category)
 		"\n",
 		N_("Optional arguments:\n"),
 		N_("* General options:\n"),
-		N_("  -c CA	nickname of CA configuration to remove\n"),
+		N_("  -c CA, --ca=NAME	use the specified CA rather than the default\n"),
 		N_("* Bus options:\n"),
-		N_("  -S	connect to the certmonger service on the system bus\n"),
-		N_("  -s	connect to the certmonger service on the session bus\n"),
+		N_("  -S, --system		connect to the certmonger service on the system bus\n"),
+		N_("  -s, --session		connect to the certmonger service on the session bus\n"),
 		N_("* Other options:\n"),
-		N_("  -v	report all details of errors\n"),
+		N_("  -v, --verbose		report all details of errors\n"),
 		NULL,
 	};
 #endif
diff --git a/src/scep.c b/src/scep.c
index 4294cda..4dde1ce 100644
--- a/src/scep.c
+++ b/src/scep.c
@@ -230,7 +230,7 @@ main(int argc, const char **argv)
 		{"url", 'u', POPT_ARG_STRING, &url, 0, "service location", "URL"},
 		{"ca-identifier", 'i', POPT_ARG_STRING, &id, 0, "name to use when querying for capabilities", "IDENTIFIER"},
 		{"retrieve-ca-capabilities", 'c', POPT_ARG_NONE, NULL, 'c', "make a GetCACaps request", NULL},
-		{"retrieve-ca-certificates", 'C', POPT_ARG_NONE, NULL, 'C', "make GetCACert/GetCAChain requests", NULL},
+		{"retrieve-ca-certificates", 'C', POPT_ARG_NONE, NULL, 'C', "make GetCACert request", NULL},
 		{"get-initial-cert", 'g', POPT_ARG_NONE, NULL, 'g', "send a PKIOperation pkiMessage", NULL},
 		{"pki-message", 'p', POPT_ARG_NONE, NULL, 'p', "send a PKIOperation pkiMessage", NULL},
 		{"racert", 'r', POPT_ARG_STRING, NULL, 'r', "the RA certificate, used for encrypting requests", "FILENAME"},
-- 
2.21.1