diff options
| author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1999-10-01 14:10:46 +0000 |
|---|---|---|
| committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1999-10-01 14:10:46 +0000 |
| commit | 45a911116e9a62477d5fe055315a5669e2968e51 (patch) | |
| tree | 12d441408f89cec640194b34cb0c7318c5ec9c7d /sbin/isakmpd/README.PKI | |
| parent | da76e694d9d648d16f9e8997860f4d672828602d (diff) | |
regress/x509/x509test.c: Merge with EOM 1.8
README.PKI: Merge with EOM 1.7
author: niklas
OpenSSL 0.9.4 support
Diffstat (limited to 'sbin/isakmpd/README.PKI')
| -rw-r--r-- | sbin/isakmpd/README.PKI | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/sbin/isakmpd/README.PKI b/sbin/isakmpd/README.PKI index 11e4385b6ef..4b7d9f13a63 100644 --- a/sbin/isakmpd/README.PKI +++ b/sbin/isakmpd/README.PKI @@ -1,15 +1,14 @@ -$OpenBSD: README.PKI,v 1.6 1999/08/26 22:30:46 niklas Exp $ -$EOM: README.PKI,v 1.6 1999/08/12 22:34:26 niklas Exp $ +$OpenBSD: README.PKI,v 1.7 1999/10/01 14:10:45 niklas Exp $ +$EOM: README.PKI,v 1.7 1999/09/30 13:40:38 niklas Exp $ 1 Make sure you have an RSA-enabled isakmpd. An easy way to do this - is to find a dynamically linkable version of libcrypto from SSLeay - or perhaps OpenSSL (not tested by me) and install it where the - run-time linker can find it. + is to install a dynamically linkable version of libcrypto from + OpenSSL and install it where the run-time linker can find it. 2 Create your own CA as root. - ssleay genrsa -out /etc/ssl/private/ca.key 1024 - ssleay req -new -key /etc/ssl/private/ca.key \ + openssl genrsa -out /etc/ssl/private/ca.key 1024 + openssl req -new -key /etc/ssl/private/ca.key \ -out /etc/ssl/private/ca.csr You are now being asked to enter information that will be incorporated @@ -18,7 +17,7 @@ $EOM: README.PKI,v 1.6 1999/08/12 22:34:26 niklas Exp $ you can leave some blank. For some fields there will be a default value, if you enter '.', the field will be left blank. - ssleay x509 -req -days 365 -in /etc/ssl/private/ca.csr \ + openssl x509 -req -days 365 -in /etc/ssl/private/ca.csr \ -signkey /etc/ssl/private/ca.key \ -out /etc/ssl/ca.crt @@ -30,8 +29,8 @@ $EOM: README.PKI,v 1.6 1999/08/12 22:34:26 niklas Exp $ run too. See to encode the ID in the common name too, so it gets unique. - ssleay genrsa -out /etc/isakmpd/private/local.key 1024 - ssleay req -new -key /etc/isakmpd/private/local.key \ + openssl genrsa -out /etc/isakmpd/private/local.key 1024 + openssl req -new -key /etc/isakmpd/private/local.key \ -out /etc/isakmpd/private/10.0.0.1.csr Now take these certificate signing requests to your CA and process @@ -40,7 +39,7 @@ $EOM: README.PKI,v 1.6 1999/08/12 22:34:26 niklas Exp $ to run certpatch. Replace 10.0.0.1 with the IP-address which isakmpd will be using for identity. - ssleay x509 -req -days 365 -in 10.0.0.1.csr -CA /etc/ssl/ca.crt \ + openssl x509 -req -days 365 -in 10.0.0.1.csr -CA /etc/ssl/ca.crt \ -CAkey /etc/ssl/private/ca.key -CAcreateserial \ -out 10.0.0.1.crt certpatch -i 10.0.0.1 -k /etc/ssl/private/ca.key \ |