From: Eric Mill Date: Fri, 7 Nov 2014 15:05:00 +0000 (-0500) Subject: doc: update openssl commands to use best practices X-Git-Tag: v1.0.0~80 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d8d1c4c87cfecd4389111efbfacae1daa1b5d7fb;p=platform%2Fupstream%2Fnodejs.git doc: update openssl commands to use best practices This updates key size to 2048 and default hash function to sha256. Reviewed-by: Fedor Indutny PR-URL: https://github.com/joyent/node/pull/8690 Cherry-picked-from: https://github.com/joyent/node/commit/88bd95cfef5973de0027b8eb5210e5e97252c7e2 --- diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index d63a6eb..7fcafb9 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -10,14 +10,14 @@ Secure Socket Layer: encrypted stream communication. TLS/SSL is a public/private key infrastructure. Each client and each server must have a private key. A private key is created like this: - openssl genrsa -out ryans-key.pem 1024 + openssl genrsa -out ryans-key.pem 2048 All servers and some clients need to have a certificate. Certificates are public keys signed by a Certificate Authority or self-signed. The first step to getting a certificate is to create a "Certificate Signing Request" (CSR) file. This is done with: - openssl req -new -key ryans-key.pem -out ryans-csr.pem + openssl req -new -sha256 -key ryans-key.pem -out ryans-csr.pem To create a self-signed certificate with the CSR, do this: