author Jason McIntyre <jmc@cvs.openbsd.org> 2012-05-25 19:25:39 +0000
committer Jason McIntyre <jmc@cvs.openbsd.org> 2012-05-25 19:25:39 +0000
commit a74f203f848460883cc047cbe2e4adc347790a30
tree 9100f4140850d7e13070af85a899babfc9109323
parent 0045739c12e0e9c44b16949d3aac53c9fa45d89b
recommend rsa4096 and sha256; from Nicolai
ok millert
-rw-r--r-- share/man/man8/ssl.8 14
1 files changed, 8 insertions, 6 deletions
diff --git a/share/man/man8/ssl.8 b/share/man/man8/ssl.8
index 84914873675..1caf3872834 100644
--- a/share/man/man8/ssl.8
+++ b/share/man/man8/ssl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssl.8,v 1.48 2011/09/29 17:57:08 jmc Exp $
+.\" $OpenBSD: ssl.8,v 1.49 2012/05/25 19:25:38 jmc Exp $
.\"
.\" Copyright (c) 1999 Theo de Raadt, Bob Beck
.\" All rights reserved.
@@ -23,7 +23,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: September 29 2011 $
+.Dd $Mdocdate: May 25 2012 $
.Dt SSL 8
.Os
.Sh NAME
@@ -110,13 +110,13 @@ you will need to generate an
.Ar RSA
certificate.
.Bd -literal -offset indent
-# openssl genrsa -out /etc/ssl/private/server.key 2048
+# openssl genrsa -out /etc/ssl/private/server.key 4096
.Ed
.Pp
Or, if you wish the key to be encrypted with a passphrase that you will
have to type in when starting servers
.Bd -literal -offset indent
-# openssl genrsa -aes256 -out /etc/ssl/private/server.key 2048
+# openssl genrsa -aes256 -out /etc/ssl/private/server.key 4096
.Ed
.Pp
The next step is to generate a
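Review bot: Both `genrsa` lines now hard-code 4096 with no surrounding text that explains the choice or its cost. RSA private-key operations at 4096 bits are several times slower than at 2048, which shows up as TLS handshake CPU on busy or low-powered servers. Consider one sentence after the first example stating that 4096 is the recommended size and that 2048 remains usable where handshake load matters. As a style point, the context line "have to type in when starting servers" still runs into the `.Bd` block without a colon or period, which could be fixed while touching this paragraph.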
@@ -139,8 +139,10 @@ who will sign the key.
.Pp
You can also sign the key yourself, using the command:
.Bd -literal -offset indent
-# openssl x509 -req -days 365 -in /etc/ssl/private/server.csr \e
- -signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt
+# openssl x509 -sha256 -req -days 365 \e
+ -in /etc/ssl/private/server.csr \e
+ -signkey /etc/ssl/private/server.key \e
+ -out /etc/ssl/server.crt
.Ed
.Pp
With
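Review bot: In the `openssl x509 -sha256 -req -days 365` line the digest becomes explicit only for the self-signing step. The command that creates `/etc/ssl/private/server.csr` lies outside the changed lines, so check whether it should carry the same digest option, otherwise the request and the certificate may be signed with different hashes depending on the openssl default. The one-option-per-line reflow is fine and keeps each `\e` continuation easy to read.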