diff options
author | Eric Mill <eric@konklone.com> | 2014-11-07 10:05:00 -0500 |
---|---|---|
committer | Fedor Indutny <fedor@indutny.com> | 2014-11-11 20:39:57 +0300 |
commit | 88bd95cfef5973de0027b8eb5210e5e97252c7e2 (patch) | |
tree | c9bf49b4a4b025037db6f359d32f8f771fc84457 | |
parent | d435f4b3eb53011f3dd00230e1818fa2720d6beb (diff) | |
download | node-88bd95cfef5973de0027b8eb5210e5e97252c7e2.tar.gz |
doc: update openssl commands to use best practices
This updates key size to 2048 and default hash function to sha256.
Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/joyent/node/pull/8690
-rw-r--r-- | doc/api/tls.markdown | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index 805f9e75b..ae75e0fe1 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -10,14 +10,14 @@ Secure Socket Layer: encrypted stream communication. TLS/SSL is a public/private key infrastructure. Each client and each server must have a private key. A private key is created like this: - openssl genrsa -out ryans-key.pem 1024 + openssl genrsa -out ryans-key.pem 2048 All servers and some clients need to have a certificate. Certificates are public keys signed by a Certificate Authority or self-signed. The first step to getting a certificate is to create a "Certificate Signing Request" (CSR) file. This is done with: - openssl req -new -key ryans-key.pem -out ryans-csr.pem + openssl req -new -sha256 -key ryans-key.pem -out ryans-csr.pem To create a self-signed certificate with the CSR, do this: |