diff --git a/src/cli/key/userid.rs b/src/cli/key/userid.rs
index 84e5e195..c0a823d8 100644
--- a/src/cli/key/userid.rs
+++ b/src/cli/key/userid.rs
@@ -64,7 +64,7 @@ However, user IDs that include different information such as name and \
 email address are more difficult to reason about, so using distinct \
 user IDs for name and email address is preferred nowadays.
 
-`sq userid add` respects the reference time set by the top-level \
+`sq key userid add` respects the reference time set by the top-level \
 `--time` argument.  It sets the creation time of the user ID's \
 binding signature to the specified time.
 ",
diff --git a/src/cli/pki/link.rs b/src/cli/pki/link.rs
index ed4e26b1..78183b1c 100644
--- a/src/cli/pki/link.rs
+++ b/src/cli/pki/link.rs
@@ -19,7 +19,7 @@ use crate::cli::types::cert_designator::*;
 "Manage authenticated certificate and User ID links
 
 Linking a certificate and User ID is one way of making `sq` consider a \
-binding to be authentic.  Another way is to use `sq pki vouch certify` to \
+binding to be authentic.  Another way is to use `sq pki vouch add` to \
 certify the binding with an explicitly configured trust root.  The \
 linking functionality is often easier to work with, and the \
 information is private by default.
@@ -138,7 +138,7 @@ be a trusted introducer use `sq pki link authorize`.
 
 A link can be retracted using `sq pki link retract`.
 
-This command is similar to `sq pki vouch certify`, but the certifications it \
+This command is similar to `sq pki vouch add`, but the certifications it \
 makes are done using the certificate directory's trust root, not an \
 arbitrary key.  Further, the certificates are marked as \
 non-exportable.  The former makes it easier to manage certifications, \
diff --git a/src/common/pki/authenticate.rs b/src/common/pki/authenticate.rs
index 65887eef..e7eb0eae 100644
--- a/src/common/pki/authenticate.rs
+++ b/src/common/pki/authenticate.rs
@@ -451,7 +451,7 @@ pub fn authenticate<'store, 'rstore>(
             weprintln!("After checking that a user ID really belongs to \
                         a certificate, use `sq pki link add` to mark \
                         the binding as authenticated, or use \
-                        `sq network fetch FINGERPRINT|EMAIL` to look for \
+                        `sq network search FINGERPRINT|EMAIL` to look for \
                         new certifications.");
         }
     } else if bindings.is_empty() {