summaryrefslogtreecommitdiff
path: root/share/man/man8
diff options
context:
space:
mode:
Diffstat (limited to 'share/man/man8')
-rw-r--r--share/man/man8/ssl.868
1 files changed, 10 insertions, 58 deletions
diff --git a/share/man/man8/ssl.8 b/share/man/man8/ssl.8
index d55c906851d..34852a14d7f 100644
--- a/share/man/man8/ssl.8
+++ b/share/man/man8/ssl.8
@@ -1,16 +1,4 @@
-.Dd March 15, 1999
-.Dt SSL 8
-.Os
-.Sh NAME
-.Nm ssl
-.Nd details for libssl and libcrypto
-.Sh DESCRIPTION
-This document describes some of the issues relating to the use of
-Eric Young's libssl and libcrypto libraries. This document
-is intended as an overview of what the libraries do, what uses them,
-and the slightly unorthodox way of upgrading the library.
-.Pp
-The SSL libraries (libssl and libcrypto) implement the
+raries (libssl and libcrypto) implement the
.Ar SSL version 2 ,
.Ar SSL version 3 ,
and
@@ -99,7 +87,7 @@ algorithm, you can enable the full function of the
libraries by updating the shared libraries on your system,
using a command like:
.Bd -literal -offset xxx
-# pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/2.5/packages/i386/libssl-1.1.tgz
+# pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/2.6/packages/i386/libssl-1.1.tgz
.Ed
.Pp
(Obviously, replace
@@ -136,7 +124,7 @@ a
.Ar DSA
parameter set with a command like the following:
.Bd -literal -offset indent
-# ssleay dsaparam 1024 -out dsa1024.pem
+# openssl dsaparam 1024 -out dsa1024.pem
.Ed
.Pp
Would generate
@@ -152,13 +140,13 @@ Once you have the
paramters generated, you can generate a certificate
and unencrypted private key using the command:
.Bd -literal -offset indent
-# ssleay req -x509 -nodes -newkey dsa:dsa1024.pem \\
+# openssl req -x509 -nodes -newkey dsa:dsa1024.pem \\
-out /etc/ssl/dsacert.pem -keyout /etc/ssl/private/dsakey.pem
.Ed
.Pp
To generate an encrypted private key, you would use:
.Bd -literal -offset indent
-# ssleay req -x509 -newkey dsa:dsa1024.pem \\
+# openssl req -x509 -newkey dsa:dsa1024.pem \\
-out /etc/ssl/dsacert.pem -keyout /etc/ssl/private/dsakey.pem
.Ed
.Sh GENERATING RSA SERVER CERTIFICATES FOR WEB SERVERS
@@ -176,13 +164,13 @@ for
.Ar https
transactions.
.Bd -literal -offset indent
-# ssleay genrsa -out /etc/ssl/private/server.key 1024
+# openssl genrsa -out /etc/ssl/private/server.key 1024
.Ed
.Pp
Or, if you wish the key to be encrypted with a passphrase that you will
have to type in when starting servers
.Bd -literal -offset indent
-# ssleay genrsa -des3 -out /etc/ssl/private/server.key 1024
+# openssl genrsa -des3 -out /etc/ssl/private/server.key 1024
.Ed
.Pp
The next step is to generate a
@@ -193,7 +181,7 @@ to get a
to sign your certificate. To do this
use the command:
.Bd -literal -offset indent
-# ssleay req -new -key /etc/ssl/private/server.key \\
+# openssl req -new -key /etc/ssl/private/server.key \\
-out /etc/ssl/private/server.csr
.Ed
.Pp
@@ -210,41 +198,5 @@ to allow for DSA keys.
.Pp
You can also sign the key yourself, using the command:
.Bd -literal -offset indent
-# ssleay x509 -req -days 365 -in /etc/ssl/private/server.csr \\
- -signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt
-.Ed
-.Pp
-With
-.Pa /etc/ssl/server.crt
-and
-.Pa /etc/ssl/private/server.key
-in place, you should be able to start
-.Xr httpd 8
-with the
-.Ar -DSSL
-flag, enabling
-.Ar https
-transactions with your machine on port 443.
-.Sh BUGS
-.Pp
-.Nm ssleay
-and
-.Nm libssl
-have nearly nonexistent documentation.
-Most documentation consists of examples and README files in
-the sources. Mail beck@openbsd.org to assist or
-encourage him to finish the job.
-.Pp
-The world needs more
-.Ar DSA
-capable
-.Ar SSL
-services.
-.Pp
-Patents can be renewed.
-.Sh SEE ALSO
-.Xr httpd 8 ,
-.Xr rc 8
-.Sh HISTORY
-This document first appeared in
-.Ox 2.5 .
+# openssl x509 -req -days 365 -in /etc/ssl/private/server.csr \\
+ -signkey