summaryrefslogtreecommitdiffstats
path: root/doc/tls_cert_ca.html
diff options
context:
space:
mode:
Diffstat (limited to 'doc/tls_cert_ca.html')
-rw-r--r--doc/tls_cert_ca.html38
1 files changed, 20 insertions, 18 deletions
diff --git a/doc/tls_cert_ca.html b/doc/tls_cert_ca.html
index efe34c85..7427bb03 100644
--- a/doc/tls_cert_ca.html
+++ b/doc/tls_cert_ca.html
@@ -68,19 +68,21 @@ sign other certificates.<br>
</li>
</ol>
<h3>Sample Screen Session</h3>
+<p>Text in red is user input. Please note that for some questions, there is no
+user input given. This means the default was accepted by simply pressing the
+enter key.
<code><pre>
-[root@rgf9dev sample]# certtool --generate-privkey --outfile ca-key.pem
-Generating a 1024 bit RSA private key...
-[root@rgf9dev sample]# certtool --generate-self-signed --load-privkey ca-key.pem --outfile ca.pem
-[root@rgf9dev sample]# certtool --generate-self-signed --load-privkey ca-key.pem --outfile ca.pem
+[root@rgf9dev sample]# <font color="red">certtool --generate-privkey --outfile ca-key.pem --bits 2048</font>
+Generating a 2048 bit RSA private key...
+[root@rgf9dev sample]# <font color="red">certtool --generate-self-signed --load-privkey ca-key.pem --outfile ca.pem</font>
Generating a self signed certificate...
Please enter the details of the certificate's distinguished name. Just press enter to ignore a field.
-Country name (2 chars): US
-Organization name: SomeOrg
-Organizational unit name: SomeOU
-Locality name: Somewhere
-State or province name: CA
-Common name: someName (not necessarily DNS!)
+Country name (2 chars): <font color="red">US</font>
+Organization name: <font color="red">SomeOrg</font>
+Organizational unit name: <font color="red">SomeOU</font>
+Locality name: <font color="red">Somewhere</font>
+State or province name: <font color="red">CA</font>
+Common name: <font color="red">someName (not necessarily DNS!)</font>
UID:
This field should not be used in new certificates.
E-mail:
@@ -88,16 +90,16 @@ Enter the certificate's serial number (decimal):
Activation/Expiration time.
-The certificate will expire in (days): 3650
+The certificate will expire in (days): <font color="red">3650</font>
Extensions.
-Does the certificate belong to an authority? (Y/N): y
+Does the certificate belong to an authority? (Y/N): <font color="red">y</font>
Path length constraint (decimal, -1 for no constraint):
Is this a TLS web client certificate? (Y/N):
Is this also a TLS web server certificate? (Y/N):
-Enter the e-mail of the subject of the certificate: someone@example.net
-Will the certificate be used to sign other certificates? (Y/N): y
+Enter the e-mail of the subject of the certificate: <font color="red">someone@example.net</font>
+Will the certificate be used to sign other certificates? (Y/N): <font color="red">y</font>
Will the certificate be used to sign CRLs? (Y/N):
Will the certificate be used to sign code? (Y/N):
Will the certificate be used to sign OCSP requests? (Y/N):
@@ -111,7 +113,7 @@ X.509 Certificate Information:
Not After: Sun Jun 17 10:35:25 UTC 2018
Subject: C=US,O=SomeOrg,OU=SomeOU,L=Somewhere,ST=CA,CN=someName (not necessarily DNS!)
Subject Public Key Algorithm: RSA
- Modulus (bits 1024):
+ Modulus (bits 2048):
d9:9c:82:46:24:7f:34:8f:60:cf:05:77:71:82:61:66
05:13:28:06:7a:70:41:bf:32:85:12:5c:25:a7:1a:5a
28:11:02:1a:78:c1:da:34:ee:b4:7e:12:9b:81:24:70
@@ -135,12 +137,12 @@ Other Information:
Public Key Id:
fbfe968d10a73ae5b70d7b434886c8f872997b89
-Is the above information ok? (Y/N): y
+Is the above information ok? (Y/N): <font color="red">y</font>
Signing certificate...
-[root@rgf9dev sample]# chmod 400 ca-key.pem
-[root@rgf9dev sample]# ls -l
+[root@rgf9dev sample]# <font color="red">chmod 400 ca-key.pem</font>
+[root@rgf9dev sample]# <font color="red">ls -l</font>
total 8
-r-------- 1 root root 887 2008-06-19 12:33 ca-key.pem
-rw-r--r-- 1 root root 1029 2008-06-19 12:36 ca.pem