From 88bd95cfef5973de0027b8eb5210e5e97252c7e2 Mon Sep 17 00:00:00 2001 From: Eric Mill Date: Fri, 7 Nov 2014 10:05:00 -0500 Subject: [PATCH] doc: update openssl commands to use best practices This updates key size to 2048 and default hash function to sha256. Reviewed-By: Fedor Indutny PR-URL: https://github.com/joyent/node/pull/8690 --- doc/api/tls.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index 805f9e75b5..ae75e0fe18 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -10,14 +10,14 @@ Secure Socket Layer: encrypted stream communication. TLS/SSL is a public/private key infrastructure. Each client and each server must have a private key. A private key is created like this: - openssl genrsa -out ryans-key.pem 1024 + openssl genrsa -out ryans-key.pem 2048 All servers and some clients need to have a certificate. Certificates are public keys signed by a Certificate Authority or self-signed. The first step to getting a certificate is to create a "Certificate Signing Request" (CSR) file. This is done with: - openssl req -new -key ryans-key.pem -out ryans-csr.pem + openssl req -new -sha256 -key ryans-key.pem -out ryans-csr.pem To create a self-signed certificate with the CSR, do this: