diff options
| author | Bob Beck <beck@cvs.openbsd.org> | 1999-03-18 19:27:55 +0000 |
|---|---|---|
| committer | Bob Beck <beck@cvs.openbsd.org> | 1999-03-18 19:27:55 +0000 |
| commit | 5ebada52ecc2d5a6431851ac1daca193264de416 (patch) | |
| tree | 24fccb048ac2a56ae516dc1cff17099d9a2f767f /share/man/man8/ssl.8 | |
| parent | b96cd4a13769bef15fcf538f290bbea973af8e52 (diff) | |
Fix problem with dsakey generation command for encrypted key, mention thawte.
Diffstat (limited to 'share/man/man8/ssl.8')
| -rw-r--r-- | share/man/man8/ssl.8 | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/share/man/man8/ssl.8 b/share/man/man8/ssl.8 index 08c13436395..f634336bd94 100644 --- a/share/man/man8/ssl.8 +++ b/share/man/man8/ssl.8 @@ -153,13 +153,13 @@ paramters generated, you can generate a certificate and unencrypted private key using the command: .Bd -literal -offset indent # ssleay req -x509 -nodes -newkey dsa:dsa1024.pem \\ - -out /etc/dsacert.pem -keyout /etc/ssl/private/dsakey.pem + -out /etc/ssl/dsacert.pem -keyout /etc/ssl/private/dsakey.pem .Ed .Pp To generate an encrypted private key, you would use: .Bd -literal -offset indent -# ssleay req -x509 -nodes -newkey dsa:dsa1024.pem \\ - -out /etc/dsacert.pem -keyout /etc/ssl/private/dsakey.pem +# ssleay req -x509 -newkey dsa:dsa1024.pem \\ + -out /etc/ssl/dsacert.pem -keyout /etc/ssl/private/dsakey.pem .Ed .Sh GENERATING RSA SERVER CERTIFICATES FOR WEB SERVERS To generate @@ -201,7 +201,13 @@ This .Pa server.csr file can then be given to .Ar Certifying Authority -who will sign the key. +who will sign the key. One such CA is +.Ar Thawte Certification +which you can reach at +.Ar http://www.thawte.com/. +Thawte can currently sign RSA keys for you. A procedure is being worked out +to allow for DSA keys. +.Pp You can also sign the key yourself, using the command: .Bd -literal -offset indent # ssleay x509 -req -days 365 -in /etc/ssl/private/server.csr \\ |