[Bug 192225] New: Updates and corrections to OpenSSL section of the Handbook (14.6.1)

Mon Jul 28 22:39:50 UTC 2014

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192225

            Bug ID: 192225
           Summary: Updates and corrections to OpenSSL section of the
                    Handbook (14.6.1)
           Product: Documentation
           Version: Latest
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Many People
          Priority: Normal
         Component: Documentation
          Assignee: freebsd-doc at FreeBSD.org
          Reporter: rsimmons0 at gmail.com

Created attachment 145107
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=145107&action=edit
diff with corrections

The attached patch addresses the following items:

1) Minimum of 2048 bit keys are now recommended, with 1024 bit being
deprecated.

2) RSA or ECDSA are preferred over DSA, so the example now uses RSA.

3) Key, request, and certificate file names are all now consistent.

4) The self signed cert instructions are clearer with just two steps, and are
in line with the instructions in OpenSSL's documentation.

5) Key generation step changed to use the currently preferred genpkey (in line
with the man page's notes that other commands have been obsoleted/superseded by
genpkey).

6) Added a step to create an empty key file with proper permissions before key
creation. The way the key was being generated before left a possibly world
readable private key file on the file system for a period of time until the
user changes the permissions with chmod.

7) Fixed a typo in the recommended permissions from 0700 to 0600. There's no
need to set this as executable.

-- 
You are receiving this mail because:
You are the assignee for the bug.