diff -up ./nss/doc/certutil.xml.missing_options ./nss/doc/certutil.xml
--- ./nss/doc/certutil.xml.missing_options	2014-11-25 10:14:22.068846717 -0800
+++ ./nss/doc/certutil.xml	2014-11-25 10:17:49.810974243 -0800
@@ -204,6 +204,11 @@ If this option is not used, the validity
       </varlistentry>
 
       <varlistentry>
+        <term>--dump-ext-val OID </term>
+        <listitem><para>For single cert, print binary DER encoding of extension OID.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term>-e </term>
         <listitem><para>Check a certificate's signature during the process of validating a certificate.</para></listitem>
       </varlistentry>
@@ -214,6 +219,26 @@ If this option is not used, the validity
       </varlistentry>
 
       <varlistentry>
+        <term>--extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]... </term>
+        <listitem>
+          <para>
+Add one or multiple extensions that certutil cannot encode yet, by loading their encodings from external files.
+           </para>
+	<itemizedlist>
+	<listitem>
+<para>OID (example): 1.2.3.4</para>
+	</listitem>
+	<listitem>
+<para>critical-flag: critical or not-critical</para>
+	</listitem>
+	<listitem>
+<para>filename: full path to a file containing an encoded extension</para>
+	</listitem>
+	</itemizedlist>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term>-f password-file</term>
         <listitem><para>Specify a file that will automatically supply the password to include in a certificate 
  or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent 
@@ -376,6 +401,15 @@ of the attribute codes:
 <para><command>V</command> (as an SSL server)</para>
 	</listitem>
 	<listitem>
+<para><command>L</command> (as an SSL CA)</para>
+	</listitem>
+	<listitem>
+<para><command>A</command> (as Any CA)</para>
+	</listitem>
+	<listitem>
+<para><command>Y</command> (Verify CA)</para>
+	</listitem>
+	<listitem>
 <para><command>S</command> (as an email signer)</para>
 	</listitem>
 	<listitem>
@@ -649,6 +683,17 @@ of the attribute codes:
       </varlistentry>
 
       <varlistentry>
+        <term>--extSAN type:name[,type:name]...</term>
+        <listitem><para>
+Create a Subject Alt Name extension with one or multiple names.
+          </para>
+          <para>
+-type: directory, dn, dns, edi, ediparty, email, ip, ipaddr, other, registerid, rfc822, uri, x400, x400addr
+        </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term>--empty-password</term>
         <listitem><para>Use empty password when creating new certificate database with -N.</para></listitem>
       </varlistentry>