Bug 192225 - Updates and corrections to OpenSSL section of the Handbook (14.6.1)
Status: Closed Overcome By Events
Alias: None
Product: Documentation
Classification: Unclassified
Component: Documentation
Version: Latest
Hardware: Any Any
Importance: Normal Affects Many People
Assignee: Gavin Atkinson
Reported: 2014-07-28 22:39 UTC by rsimmons0
Modified: 2020-07-11 18:57 UTC

diff with corrections (4.47 KB, text/plain)
2014-07-28 22:39 UTC, rsimmons0

Description rsimmons0 2014-07-28 22:39:50 UTC
Created attachment 145107
diff with corrections

The attached patch addresses the following items:

1) A minimum of 2048-bit keys is now recommended, with 1024-bit being deprecated.

2) RSA or ECDSA are preferred over DSA, so the example now uses RSA.

3) Key, request, and certificate file names are all now consistent.

4) The self-signed cert instructions are clearer with just two steps, and are in line with the instructions in OpenSSL's documentation.

5) Key generation step changed to use the currently preferred genpkey (in line with the man page's notes that other commands have been obsoleted/superseded by genpkey).

6) Added a step to create an empty key file with proper permissions before key creation. The way the key was being generated before left a possibly world-readable private key file on the file system for a period of time until the user changed the permissions with chmod.

7) Fixed a typo in the recommended permissions from 0700 to 0600. There's no need to set this as executable.
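
Items 5 to 7 above, sketched as an added example that is not part of the report, the attached diff, or the Handbook: the key file is created empty with mode 0600 before `genpkey` writes to it. File names and the certificate subject are constructed placeholders.

```shell
#!/bin/sh
# Added example, not the Handbook text or the attached diff.
# File names and the certificate subject are constructed placeholders.

# Create an empty file that is mode 0600 from the moment it exists.
# umask and noclobber are set in a subshell, so the caller's settings are
# untouched; noclobber makes this fail rather than reuse an existing file.
make_private_file() {
    ( umask 077 && set -C && : > "$1" )
}

# Print the permission string of a file, e.g. "-rw-------".
# ls is used because stat(1) options differ between FreeBSD and Linux.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Generate a 2048-bit RSA key with genpkey. The output file already exists
# with mode 0600 before any key material is written, so there is no window
# in which the key sits on disk with default (umask-derived) permissions.
generate_key() {
    make_private_file "$1" || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1"
}

# Create a self-signed certificate from that key.
# The subject and the 365-day lifetime are assumptions for illustration.
self_sign() {
    openssl req -new -x509 -key "$1" -out "$2" -days 365 \
        -subj "/CN=host.example.org"
}

# Usage (constructed names):
#   generate_key cert.key && self_sign cert.key cert.crt
```
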
Comment 1 Allan Jude freebsd_committer 2020-07-11 18:57:07 UTC
The documentation has been corrected in the meantime.

Sorry we did not handle this PR when it was submitted.