From 5ebada52ecc2d5a6431851ac1daca193264de416 Mon Sep 17 00:00:00 2001 From: Bob Beck Date: Thu, 18 Mar 1999 19:27:55 +0000 Subject: Fix problem with dsakey generation command for encrypted key, mention thawte. --- share/man/man8/ssl.8 | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'share/man/man8/ssl.8') diff --git a/share/man/man8/ssl.8 b/share/man/man8/ssl.8 index 08c13436395..f634336bd94 100644 --- a/share/man/man8/ssl.8 +++ b/share/man/man8/ssl.8 @@ -153,13 +153,13 @@ paramters generated, you can generate a certificate and unencrypted private key using the command: .Bd -literal -offset indent # ssleay req -x509 -nodes -newkey dsa:dsa1024.pem \\ - -out /etc/dsacert.pem -keyout /etc/ssl/private/dsakey.pem + -out /etc/ssl/dsacert.pem -keyout /etc/ssl/private/dsakey.pem .Ed .Pp To generate an encrypted private key, you would use: .Bd -literal -offset indent -# ssleay req -x509 -nodes -newkey dsa:dsa1024.pem \\ - -out /etc/dsacert.pem -keyout /etc/ssl/private/dsakey.pem +# ssleay req -x509 -newkey dsa:dsa1024.pem \\ + -out /etc/ssl/dsacert.pem -keyout /etc/ssl/private/dsakey.pem .Ed .Sh GENERATING RSA SERVER CERTIFICATES FOR WEB SERVERS To generate @@ -201,7 +201,13 @@ This .Pa server.csr file can then be given to .Ar Certifying Authority -who will sign the key. +who will sign the key. One such CA is +.Ar Thawte Certification +which you can reach at +.Ar http://www.thawte.com/. +Thawte can currently sign RSA keys for you. A procedure is being worked out +to allow for DSA keys. +.Pp You can also sign the key yourself, using the command: .Bd -literal -offset indent # ssleay x509 -req -days 365 -in /etc/ssl/private/server.csr \\ -- cgit v1.2.3