diff options
author | Jason McIntyre <jmc@cvs.openbsd.org> | 2012-05-25 19:25:39 +0000 |
---|---|---|
committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2012-05-25 19:25:39 +0000 |
commit | a74f203f848460883cc047cbe2e4adc347790a30 (patch) | |
tree | 9100f4140850d7e13070af85a899babfc9109323 | |
parent | 0045739c12e0e9c44b16949d3aac53c9fa45d89b (diff) |
recommend rsa4096 and sha256; from Nicolai
ok millert
-rw-r--r-- | share/man/man8/ssl.8 | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/share/man/man8/ssl.8 b/share/man/man8/ssl.8 index 84914873675..1caf3872834 100644 --- a/share/man/man8/ssl.8 +++ b/share/man/man8/ssl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssl.8,v 1.48 2011/09/29 17:57:08 jmc Exp $ +.\" $OpenBSD: ssl.8,v 1.49 2012/05/25 19:25:38 jmc Exp $ .\" .\" Copyright (c) 1999 Theo de Raadt, Bob Beck .\" All rights reserved. @@ -23,7 +23,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 29 2011 $ +.Dd $Mdocdate: May 25 2012 $ .Dt SSL 8 .Os .Sh NAME @@ -110,13 +110,13 @@ you will need to generate an .Ar RSA certificate. .Bd -literal -offset indent -# openssl genrsa -out /etc/ssl/private/server.key 2048 +# openssl genrsa -out /etc/ssl/private/server.key 4096 .Ed .Pp Or, if you wish the key to be encrypted with a passphrase that you will have to type in when starting servers .Bd -literal -offset indent -# openssl genrsa -aes256 -out /etc/ssl/private/server.key 2048 +# openssl genrsa -aes256 -out /etc/ssl/private/server.key 4096 .Ed .Pp The next step is to generate a @@ -139,8 +139,10 @@ who will sign the key. .Pp You can also sign the key yourself, using the command: .Bd -literal -offset indent -# openssl x509 -req -days 365 -in /etc/ssl/private/server.csr \e - -signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt +# openssl x509 -sha256 -req -days 365 \e + -in /etc/ssl/private/server.csr \e + -signkey /etc/ssl/private/server.key \e + -out /etc/ssl/server.crt .Ed .Pp With |