summaryrefslogtreecommitdiff
path: root/share/man/man8/ssl.8
diff options
context:
space:
mode:
Diffstat (limited to 'share/man/man8/ssl.8')
-rw-r--r--share/man/man8/ssl.870
1 files changed, 35 insertions, 35 deletions
diff --git a/share/man/man8/ssl.8 b/share/man/man8/ssl.8
index b0eecd9c996..d3436f97547 100644
--- a/share/man/man8/ssl.8
+++ b/share/man/man8/ssl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssl.8,v 1.44 2007/05/31 19:19:59 jmc Exp $
+.\" $OpenBSD: ssl.8,v 1.45 2008/12/16 17:40:04 espie Exp $
.\"
.\" Copyright (c) 1999 Theo de Raadt, Bob Beck
.\" All rights reserved.
@@ -23,7 +23,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: May 31 2007 $
+.Dd $Mdocdate: December 16 2008 $
.Dt SSL 8
.Os
.Sh NAME
@@ -101,39 +101,6 @@ However, it is important to note that encrypted server keys mean that the
passphrase needs to be typed in every time the server is started.
If a passphrase is not used, you will need to be absolutely sure your
key file is kept secure.
-.Sh GENERATING DSA SERVER CERTIFICATES
-Generating a
-.Ar DSA
-certificate involves several steps.
-First, you generate a
-.Ar DSA
-parameter set with a command like the following:
-.Bd -literal -offset indent
-# openssl dsaparam 1024 -out dsa1024.pem
-.Ed
-.Pp
-Would generate
-.Ar DSA
-parameters for 1024 bit
-.Ar DSA
-keys, and save them to the
-file
-.Pa dsa1024.pem .
-.Pp
-Once you have the
-.Ar DSA
-parameters generated, you can generate a certificate
-and unencrypted private key using the command:
-.Bd -literal -offset indent
-# openssl req -x509 -nodes -newkey dsa:dsa1024.pem \\
- -out /etc/ssl/dsacert.pem -keyout /etc/ssl/private/dsakey.pem
-.Ed
-.Pp
-To generate an encrypted private key, you would use:
-.Bd -literal -offset indent
-# openssl req -x509 -newkey dsa:dsa1024.pem \\
- -out /etc/ssl/dsacert.pem -keyout /etc/ssl/private/dsakey.pem
-.Ed
.Sh GENERATING RSA SERVER CERTIFICATES FOR WEB SERVERS
To support
.Ar https
@@ -198,6 +165,39 @@ you can switch to using the new certificate by replacing the self-signed
with the certificate signed by your Certifying Authority, and then
restarting
.Xr httpd 8
+.Sh GENERATING DSA SERVER CERTIFICATES
+Generating a
+.Ar DSA
+certificate involves several steps.
+First, you generate a
+.Ar DSA
+parameter set with a command like the following:
+.Bd -literal -offset indent
+# openssl dsaparam 1024 -out dsa1024.pem
+.Ed
+.Pp
+Would generate
+.Ar DSA
+parameters for 1024 bit
+.Ar DSA
+keys, and save them to the
+file
+.Pa dsa1024.pem .
+.Pp
+Once you have the
+.Ar DSA
+parameters generated, you can generate a certificate
+and unencrypted private key using the command:
+.Bd -literal -offset indent
+# openssl req -x509 -nodes -newkey dsa:dsa1024.pem \\
+ -out /etc/ssl/dsacert.pem -keyout /etc/ssl/private/dsakey.pem
+.Ed
+.Pp
+To generate an encrypted private key, you would use:
+.Bd -literal -offset indent
+# openssl req -x509 -newkey dsa:dsa1024.pem \\
+ -out /etc/ssl/dsacert.pem -keyout /etc/ssl/private/dsakey.pem
+.Ed
.Sh USING SSL/TLS WITH SENDMAIL
By default,
.Xr sendmail 8
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-26 11:17:12 +0000