add a hint about subjectAltName. this isn't great, but i'm not sure how

to improve it without muddying up the whole page, and at a minimum it
gives the reader a clue about some concepts to search the web for.
if you can do better, make it so. :)

1 files changed, 12 insertions, 2 deletions

diff --git a/share/man/man8/ssl.8 b/share/man/man8/ssl.8
index d69c46f8c0b..2a7641b921c 100644
--- a/share/man/man8/ssl.8
+++ b/share/man/man8/ssl.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssl.8,v 1.64 2016/06/06 15:26:04 sthen Exp $
+.\"	$OpenBSD: ssl.8,v 1.65 2017/07/08 02:13:36 tedu Exp $
 .\"
 .\" Copyright (c) 1999 Theo de Raadt, Bob Beck
 .\" All rights reserved.
@@ -23,7 +23,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 6 2016 $
+.Dd $Mdocdate: July 8 2017 $
 .Dt SSL 8
 .Os
 .Sh NAME
@@ -94,6 +94,16 @@ You can also sign the key yourself, using the command:
   -out /etc/ssl/server.crt
 .Ed
 .Pp
+Note that some new browsers have deprecated using the common name of a
+certifate and require that subject alt names be provided.
+This may require the use of
+.Ar -extfile Pa server.ext
+when self-signing.
+.Bd -literal -offset indent
+# this is an example server.ext file
+subjectAltName=DNS:example.com,DNS:www.example.com
+.Ed
+.Pp
 With
 .Pa /etc/ssl/server.crt
 and