From: W. Trevor King Date: Sun, 29 Dec 2013 18:34:29 +0000 (-0800) Subject: posts:x.509-certificates: Use --outfile with --generate-privkey X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=8062e205a3b26cc2153ab8f1377f2aaff5f5097f;p=blog.git posts:x.509-certificates: Use --outfile with --generate-privkey Instead of redirection. This sets up restricted permissions (-rw-------) automatically, even if you have a permissive umask. --- diff --git a/posts/X.509_certificates.mdwn b/posts/X.509_certificates.mdwn index 7266baa..ffb652d 100644 --- a/posts/X.509_certificates.mdwn +++ b/posts/X.509_certificates.mdwn @@ -10,7 +10,7 @@ GnuTLS Following the [GnuTLS manual][gnutls-manual], create a certificate authority with [certtool][], adjusting the `cn` as you see fit: - $ certtool --generate-privkey > x509-ca-key.pem + $ certtool --generate-privkey --outfile x509-ca-key.pem $ echo 'cn = GnuTLS test CA' > ca.tmpl $ echo 'ca' >> ca.tmpl $ echo 'cert_signing_key' >> ca.tmpl @@ -19,7 +19,7 @@ authority with [certtool][], adjusting the `cn` as you see fit: Now generate the *unencrypted* server key. - $ certtool --generate-privkey > x509-server-key.pem + $ certtool --generate-privkey --outfile x509-server-key.pem And sign the key with your CA, adjusting the `cn` as you see fit, and changing `dns_name` to match your fully qualified host name.
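Review bot: the rationale for this change exists only in the commit message; in the first hunk (@@ -10,7 +10,7 @@) the post text around `certtool --generate-privkey --outfile x509-ca-key.pem` still says nothing about file permissions. Because this is the CA signing key, consider adding a sentence to the post itself stating that `--outfile` is used so the key ends up -rw------- even under a permissive umask. Otherwise a reader adapting the commands may fall back to the shorter redirect form without realising what is lost.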
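Review bot: in the second hunk (@@ -19,7 +19,7 @@) the context line stresses that the server key is *unencrypted*, so the file mode is its only protection, but nothing is said to readers who already ran the old `certtool --generate-privkey > x509-server-key.pem` form and have a key created under their own umask. Consider a short note next to this command asking them to check the mode of any key file generated from the earlier version of the post, and to tighten it with `chmod 600` if it is group- or world-readable.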