Using n of -2 includes all certificate except for the root cert, -1 includes all certs, 0 does not include any certs, 1 includes only the signers cert and all other positive values include up to n certificates starting with the signer cert. The default is -2.
Use the cipher algorithm with the ASN.1 object identifier oid for
encryption. For convenience the strings
AES256 may be used instead of their OIDs. The default is
name as the message digest algorithm. Usually this
algorithm is deduced from the respective signing certificate. This
option forces the use of the given algorithm and may lead to severe