Created attachment 145107 [details] diff with corrections The attached patch addresses the following items: 1) Minimum of 2048 bit keys are now recommended, with 1024 bit being deprecated. 2) RSA or ECDSA are preferred over DSA, so the example now uses RSA. 3) Key, request, and certificate file names are all now consistent. 4) The self signed cert instructions are clearer with just two steps, and are in line with the instructions in OpenSSL's documentation. 5) Key generation step changed to use the currently preferred genpkey (in line with the man page's notes that other commands have been obsoleted/superseded by genpkey). 6) Added a step to create an empty key file with proper permissions before key creation. The way the key was being generated before left a possibly world readable private key file on the file system for a period of time until the user changes the permissions with chmod. 7) Fixed a typo in the recommended permissions from 0700 to 0600. There's no need to set this as executable.
The documentation has been corrected in the meantime. Sorry we did not handle this PR when it was submitted.