P scales 5 to 8 have been replaced by the pre-key stage standards for KS1 and KS2. If -p is not included, NoPassWordSet is used as a default password -a. It can be used interactively or non interactively by specifying the template command line option. These set the available certificate extensions. Typically, a key stored in this type of entry is a secret key, or a private key accompanied by the certificate chain for the corresponding public key.
For example have a look at the certificate of facebook.com. It is using a Subject Alternative Name with multiple DNS defined in the certificate so it avoids creating multiple certificate for each sub domain.