diff options
author | Matthew Harmsen <mharmsen@redhat.com> | 2015-07-28 19:56:26 -0600 |
---|---|---|
committer | Matthew Harmsen <mharmsen@redhat.com> | 2015-07-28 20:43:39 -0600 |
commit | f9102b8df60d50e00d2a45915d06837510cfd1aa (patch) | |
tree | ea40ed93fea872c2e32a890b799c28c2c1ab8946 /base/server/man | |
parent | c4c28d6f581ba0fa136afaab5651e976f6f79d2c (diff) | |
download | pki-f9102b8df60d50e00d2a45915d06837510cfd1aa.tar.gz pki-f9102b8df60d50e00d2a45915d06837510cfd1aa.tar.xz pki-f9102b8df60d50e00d2a45915d06837510cfd1aa.zip |
Add certutil options for ECC
- PKI TRAC Ticket #1524 - pkispawn: certutil options incorrect for creating
ecc admin certificate
Diffstat (limited to 'base/server/man')
-rw-r--r-- | base/server/man/man5/pki_default.cfg.5 | 2 | ||||
-rw-r--r-- | base/server/man/man8/pkispawn.8 | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/base/server/man/man5/pki_default.cfg.5 b/base/server/man/man5/pki_default.cfg.5 index df4f94428..17130aecf 100644 --- a/base/server/man/man5/pki_default.cfg.5 +++ b/base/server/man/man5/pki_default.cfg.5 @@ -125,7 +125,7 @@ Password for the admin user. This password is used to log into the pki-console .IP Email address for the admin user. .TP -.B pki_admin_dualkey, pki_admin_keysize, pki_admin_keytype +.B pki_admin_dualkey, pki_admin_keysize, pki_admin_key_type .IP Settings for the administrator certificate and keys. .TP diff --git a/base/server/man/man8/pkispawn.8 b/base/server/man/man8/pkispawn.8 index 8d8a4ff41..411d93f0e 100644 --- a/base/server/man/man8/pkispawn.8 +++ b/base/server/man/man8/pkispawn.8 @@ -265,6 +265,8 @@ where \fImyconfig.txt\fP contains the following text: .nf [DEFAULT] pki_admin_password=\fISecret123\fP +pki_admin_keysize=nistp256 +pki_admin_key_type=ecc pki_client_pkcs12_password=\fISecret123\fP pki_ds_password=\fISecret123\fP pki_ssl_server_key_algorithm=SHA256withEC @@ -286,7 +288,7 @@ pki_ocsp_signing_signing_algorithm=SHA256withEC .fi .PP -In order to utilize ECC, the SSL Server and Subsystem key algorithm, key size, and key type should be changed from SHA256withRSA --> SHA256withEC, 2048 --> nistp256, and rsa --> ecc, respectively. +In order to utilize ECC, the SSL Server and Subsystem key algorithm, key size, and key type should be changed from SHA256withRSA --> SHA256withEC, 2048 --> nistp256, and rsa --> ecc, respectively. To use an ECC admin key size and key type, the values should also be changed from 2048 --> nistp256, and rsa --> ecc. .PP Additionally, for a CA subsystem, both the CA and OCSP Signing key algorithm, key size, key type, and signing algorithm should be changed from SHA256withRSA --> SHA256withEC, 2048 --> nistp256, rsa --> ecc, and SHA256withRSA --> SHA256withEC,respectively. |