From 9dad3bd6652224aa9a1ce1994a082b000243e09c Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 20 Aug 2018 14:05:28 +0200
Subject: SSLCERTS: improve the openssl command line

... for extracting certs from a live HTTPS server to make a cacerts.pem
from them.
---
 docs/SSLCERTS.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/SSLCERTS.md b/docs/SSLCERTS.md
index 3fcd345b0..2c5be68e6 100644
--- a/docs/SSLCERTS.md
+++ b/docs/SSLCERTS.md
@@ -92,8 +92,8 @@ server, do one of the following:
     If you use the 'openssl' tool, this is one way to get extract the CA cert
     for a particular server:
 
-     - `openssl s_client -connect xxxxx.com:443 |tee logfile`
-     - type "QUIT", followed by the "ENTER" key
+     - `openssl s_client -showcerts -servername server -connect server:443 > cacert.pem`
+     - type "quit", followed by the "ENTER" key
      - The certificate will have "BEGIN CERTIFICATE" and "END CERTIFICATE"
        markers.
      - If you want to see the data in the certificate, you can do: "openssl
-- 
cgit v1.2.1