diff options
Diffstat (limited to 'share/man/man8')
-rw-r--r-- | share/man/man8/ssl.8 | 68 |
1 files changed, 10 insertions, 58 deletions
diff --git a/share/man/man8/ssl.8 b/share/man/man8/ssl.8 index d55c906851d..34852a14d7f 100644 --- a/share/man/man8/ssl.8 +++ b/share/man/man8/ssl.8 @@ -1,16 +1,4 @@ -.Dd March 15, 1999 -.Dt SSL 8 -.Os -.Sh NAME -.Nm ssl -.Nd details for libssl and libcrypto -.Sh DESCRIPTION -This document describes some of the issues relating to the use of -Eric Young's libssl and libcrypto libraries. This document -is intended as an overview of what the libraries do, what uses them, -and the slightly unorthodox way of upgrading the library. -.Pp -The SSL libraries (libssl and libcrypto) implement the +raries (libssl and libcrypto) implement the .Ar SSL version 2 , .Ar SSL version 3 , and @@ -99,7 +87,7 @@ algorithm, you can enable the full function of the libraries by updating the shared libraries on your system, using a command like: .Bd -literal -offset xxx -# pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/2.5/packages/i386/libssl-1.1.tgz +# pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/2.6/packages/i386/libssl-1.1.tgz .Ed .Pp (Obviously, replace @@ -136,7 +124,7 @@ a .Ar DSA parameter set with a command like the following: .Bd -literal -offset indent -# ssleay dsaparam 1024 -out dsa1024.pem +# openssl dsaparam 1024 -out dsa1024.pem .Ed .Pp Would generate @@ -152,13 +140,13 @@ Once you have the paramters generated, you can generate a certificate and unencrypted private key using the command: .Bd -literal -offset indent -# ssleay req -x509 -nodes -newkey dsa:dsa1024.pem \\ +# openssl req -x509 -nodes -newkey dsa:dsa1024.pem \\ -out /etc/ssl/dsacert.pem -keyout /etc/ssl/private/dsakey.pem .Ed .Pp To generate an encrypted private key, you would use: .Bd -literal -offset indent -# ssleay req -x509 -newkey dsa:dsa1024.pem \\ +# openssl req -x509 -newkey dsa:dsa1024.pem \\ -out /etc/ssl/dsacert.pem -keyout /etc/ssl/private/dsakey.pem .Ed .Sh GENERATING RSA SERVER CERTIFICATES FOR WEB SERVERS @@ -176,13 +164,13 @@ for .Ar https transactions. .Bd -literal -offset indent -# ssleay genrsa -out /etc/ssl/private/server.key 1024 +# openssl genrsa -out /etc/ssl/private/server.key 1024 .Ed .Pp Or, if you wish the key to be encrypted with a passphrase that you will have to type in when starting servers .Bd -literal -offset indent -# ssleay genrsa -des3 -out /etc/ssl/private/server.key 1024 +# openssl genrsa -des3 -out /etc/ssl/private/server.key 1024 .Ed .Pp The next step is to generate a @@ -193,7 +181,7 @@ to get a to sign your certificate. To do this use the command: .Bd -literal -offset indent -# ssleay req -new -key /etc/ssl/private/server.key \\ +# openssl req -new -key /etc/ssl/private/server.key \\ -out /etc/ssl/private/server.csr .Ed .Pp @@ -210,41 +198,5 @@ to allow for DSA keys. .Pp You can also sign the key yourself, using the command: .Bd -literal -offset indent -# ssleay x509 -req -days 365 -in /etc/ssl/private/server.csr \\ - -signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt -.Ed -.Pp -With -.Pa /etc/ssl/server.crt -and -.Pa /etc/ssl/private/server.key -in place, you should be able to start -.Xr httpd 8 -with the -.Ar -DSSL -flag, enabling -.Ar https -transactions with your machine on port 443. -.Sh BUGS -.Pp -.Nm ssleay -and -.Nm libssl -have nearly nonexistent documentation. -Most documentation consists of examples and README files in -the sources. Mail beck@openbsd.org to assist or -encourage him to finish the job. -.Pp -The world needs more -.Ar DSA -capable -.Ar SSL -services. -.Pp -Patents can be renewed. -.Sh SEE ALSO -.Xr httpd 8 , -.Xr rc 8 -.Sh HISTORY -This document first appeared in -.Ox 2.5 . +# openssl x509 -req -days 365 -in /etc/ssl/private/server.csr \\ + -signkey |