From 8062e205a3b26cc2153ab8f1377f2aaff5f5097f Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Sun, 29 Dec 2013 10:34:29 -0800 Subject: [PATCH] posts:x.509-certificates: Use --outfile with --generate-privkey Instead of redirection. This sets up restricted permissions (-rw-------) automatically, even if you have a permissive umask. --- posts/X.509_certificates.mdwn | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/posts/X.509_certificates.mdwn b/posts/X.509_certificates.mdwn index 7266baa..ffb652d 100644 --- a/posts/X.509_certificates.mdwn +++ b/posts/X.509_certificates.mdwn @@ -10,7 +10,7 @@ GnuTLS Following the [GnuTLS manual][gnutls-manual], create a certificate authority with [certtool][], adjusting the `cn` as you see fit: - $ certtool --generate-privkey > x509-ca-key.pem + $ certtool --generate-privkey --outfile x509-ca-key.pem $ echo 'cn = GnuTLS test CA' > ca.tmpl $ echo 'ca' >> ca.tmpl $ echo 'cert_signing_key' >> ca.tmpl @@ -19,7 +19,7 @@ authority with [certtool][], adjusting the `cn` as you see fit: Now generate the *unencrypted* server key. - $ certtool --generate-privkey > x509-server-key.pem + $ certtool --generate-privkey --outfile x509-server-key.pem And sign the key with your CA, adjusting the `cn` as you see fit, and changing `dns_name` to match your fully qualified host name. -- 2.26.2
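Review bot: In the first hunk, on the `x509-ca-key.pem` line, the reason for preferring `--outfile` is recorded only in the commit message. A reader of the post can switch back to `>` redirection without realising that the key then gets whatever mode their umask allows instead of -rw-------. Suggest adding one sentence to the post above the command block saying that `--outfile` creates the key file readable by its owner only, since this is the CA signing key.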
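Review bot: In the second hunk, on the `x509-server-key.pem` line, the surrounding text calls this key *unencrypted*, so the file mode is its only protection at rest. Anyone who followed the earlier redirection instructions already has a key file created under their umask. The commit message says `--outfile` sets restricted permissions but does not say whether that also applies when the output file already exists. Worth checking, and if it does not, the post should tell readers to remove the old file first or run `chmod 600 x509-server-key.pem` (and the same for the CA key).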