-rw-r--r-- share/man/man8/ssl.8 10
-rw-r--r-- usr.sbin/openssl/openssl.1 11
2 files changed, 10 insertions, 11 deletions
diff --git a/share/man/man8/ssl.8 b/share/man/man8/ssl.8
index d57dc6390b6..10c5eb390d7 100644
--- a/share/man/man8/ssl.8
+++ b/share/man/man8/ssl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssl.8,v 1.46 2010/03/26 19:30:40 jmc Exp $
+.\" $OpenBSD: ssl.8,v 1.47 2011/09/07 09:30:15 jmc Exp $
.\"
.\" Copyright (c) 1999 Theo de Raadt, Bob Beck
.\" All rights reserved.
@@ -23,7 +23,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: March 26 2010 $
+.Dd $Mdocdate: September 7 2011 $
.Dt SSL 8
.Os
.Sh NAME
@@ -94,7 +94,7 @@ directory, with the keys in the
directory.
.Pp
Private keys can be encrypted using
-.Ar 3DES
+.Ar AES
and a passphrase to protect their integrity should the encrypted file
be disclosed.
However, it is important to note that encrypted server keys mean that the
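Review bot: the context sentence right after the changed `.Ar AES` line still says the passphrase is there "to protect their integrity should the encrypted file be disclosed", but encrypting a private key at rest protects its confidentiality, not its integrity. Since the sentence is being touched anyway, consider rewording it to "to protect their confidentiality should the encrypted file be disclosed".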
@@ -110,13 +110,13 @@ you will need to generate an
.Ar RSA
certificate.
.Bd -literal -offset indent
-# openssl genrsa -out /etc/ssl/private/server.key 1024
+# openssl genrsa -out /etc/ssl/private/server.key 2048
.Ed
.Pp
Or, if you wish the key to be encrypted with a passphrase that you will
have to type in when starting servers
.Bd -literal -offset indent
-# openssl genrsa -des3 -out /etc/ssl/private/server.key 1024
+# openssl genrsa -aes256 -out /etc/ssl/private/server.key 2048
.Ed
.Pp
The next step is to generate a
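Review bot: the encrypted example now uses `-aes256`, while the prose changed earlier in this file says only `.Ar AES`, so the text and the command no longer name the same thing as precisely as `3DES` and `-des3` did. Either name the variant in the prose or note that `-aes256` is one of several AES options. As a smaller style point, the context sentence ending "when starting servers" runs straight into the `.Bd` display with no closing colon, unlike the sentence before the first display.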
diff --git a/usr.sbin/openssl/openssl.1 b/usr.sbin/openssl/openssl.1
index f6014394dee..f88f9ac4097 100644
--- a/usr.sbin/openssl/openssl.1
+++ b/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.85 2011/01/20 13:32:19 lum Exp $
+.\" $OpenBSD: openssl.1,v 1.86 2011/09/07 09:30:16 jmc Exp $
.\" ====================================================================
.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
.\"
@@ -112,7 +112,7 @@
.\"
.\" OPENSSL
.\"
-.Dd $Mdocdate: January 20 2011 $
+.Dd $Mdocdate: September 7 2011 $
.Dt OPENSSL 1
.Os
.Sh NAME
@@ -6115,17 +6115,17 @@ Examine and verify a certificate request:
.Pp
Create a private key and then generate a certificate request from it:
.Bd -literal -offset indent
-$ openssl genrsa -out key.pem 1024
+$ openssl genrsa -out key.pem 2048
$ openssl req -new -key key.pem -out req.pem
.Ed
.Pp
The same but just using req:
.Pp
-.Dl $ openssl req -newkey rsa:1024 -keyout key.pem -out req.pem
+.Dl $ openssl req -newkey rsa:2048 -keyout key.pem -out req.pem
.Pp
Generate a self-signed root certificate:
.Pp
-.Dl "$ openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem"
+.Dl "$ openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem"
.Pp
Example of a file pointed to by the
.Ar oid_file
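Review bot: in the "Generate a self-signed root certificate" example, `-x509` makes `req` write a certificate rather than a request, yet the output still goes to `-out req.pem`, the same name the two preceding examples use for the request. While these lines are being updated, a name such as `-out cert.pem` would stop readers from overwriting or confusing the two files. The two `.Dl` lines are also quoted inconsistently: the `-x509` line is wrapped in double quotes and the `-newkey rsa:2048` line above it is not.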
@@ -8891,7 +8891,6 @@ $ openssl ts -verify \e
-in design2.tsr -CAfile cacert.pem
.Ed
.Sh TS BUGS
-.Pp
No support for time stamps over SMTP, though it is quite easy
to implement an automatic email-based TSA with
.Xr procmail
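Review bot: the removal of `.Pp` after `.Sh TS BUGS` is a markup cleanup unrelated to the key-size and cipher changes in every other hunk of this patch. It is harmless, but it would be easier to track and revert as its own change, or at least with a mention in the log message.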