summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStuart Henderson <sthen@cvs.openbsd.org>2016-06-06 15:26:05 +0000
committerStuart Henderson <sthen@cvs.openbsd.org>2016-06-06 15:26:05 +0000
commit6b42bbf5f791742503e369d4f0db2283d7cb41fa (patch)
tree90e3ab598ab95220e70d1c3ad08ff3f545e1dc0b
parentdf80dd65dec8e8c53afc19ed596de99483f1532b (diff)
Remove the section about generating DSA keys for webservers etc from the ssl(8)
instructions. ok benno@ beck@
-rw-r--r--share/man/man8/ssl.836
1 files changed, 2 insertions, 34 deletions
diff --git a/share/man/man8/ssl.8 b/share/man/man8/ssl.8
index c3af58157ed..d69c46f8c0b 100644
--- a/share/man/man8/ssl.8
+++ b/share/man/man8/ssl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssl.8,v 1.63 2016/02/08 19:29:58 jmc Exp $
+.\" $OpenBSD: ssl.8,v 1.64 2016/06/06 15:26:04 sthen Exp $
.\"
.\" Copyright (c) 1999 Theo de Raadt, Bob Beck
.\" All rights reserved.
@@ -23,7 +23,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: February 8 2016 $
+.Dd $Mdocdate: June 6 2016 $
.Dt SSL 8
.Os
.Sh NAME
@@ -112,38 +112,6 @@ you can switch to using the new certificate by replacing the self-signed
with the certificate signed by your Certificate Authority, and then
restarting
.Xr httpd 8 .
-.Sh GENERATING DSA SERVER CERTIFICATES
-Generating a DSA certificate involves several steps.
-First, generate parameters for DSA keys.
-The following command will generate 1024-bit keys:
-.Bd -literal -offset indent
-# openssl dsaparam 1024 -out dsa1024.pem
-.Ed
-.Pp
-Once you have the DSA parameters generated, you can generate a
-CSR and unencrypted private key using the command:
-.Bd -literal -offset indent
-# openssl req -nodes -newkey dsa:dsa1024.pem \e
- -out /etc/ssl/dsacert.csr -keyout /etc/ssl/private/dsakey.pem
-.Ed
-.Pp
-To generate an encrypted private key, you would use:
-.Bd -literal -offset indent
-# openssl req -newkey dsa:dsa1024.pem \e
- -out /etc/ssl/dsacert.csr -keyout /etc/ssl/private/dsakey.pem
-.Ed
-.Pp
-This
-.Pa server.csr
-file can then be given to a CA who will sign the key.
-.Pp
-You can also sign the key yourself, using the command:
-.Bd -literal -offset indent
-# openssl x509 -sha256 -req -days 365 \e
- -in /etc/ssl/private/dsacert.csr \e
- -signkey /etc/ssl/private/dsacert.key \e
- -out /etc/ssl/dsacert.crt
-.Ed
.Sh GENERATING ECDSA SERVER CERTIFICATES
First, generate parameters for ECDSA keys.
The following command will use a NIST/SECG curve over a 384-bit