From 8062e205a3b26cc2153ab8f1377f2aaff5f5097f Mon Sep 17 00:00:00 2001
From: "W. Trevor King" <wking@tremily.us>
Date: Sun, 29 Dec 2013 10:34:29 -0800
Subject: [PATCH] posts:x.509-certificates: Use --outfile with
 --generate-privkey

Instead of redirection.  This sets up restricted permissions
(-rw-------) automatically, even if you have a permissive umask.
---
 posts/X.509_certificates.mdwn | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/posts/X.509_certificates.mdwn b/posts/X.509_certificates.mdwn
index 7266baa..ffb652d 100644
--- a/posts/X.509_certificates.mdwn
+++ b/posts/X.509_certificates.mdwn
@@ -10,7 +10,7 @@ GnuTLS
 Following the [GnuTLS manual][gnutls-manual], create a certificate
 authority with [certtool][], adjusting the `cn` as you see fit:
 
-    $ certtool --generate-privkey > x509-ca-key.pem
+    $ certtool --generate-privkey --outfile x509-ca-key.pem
     $ echo 'cn = GnuTLS test CA' > ca.tmpl
     $ echo 'ca' >> ca.tmpl
     $ echo 'cert_signing_key' >> ca.tmpl
@@ -19,7 +19,7 @@ authority with [certtool][], adjusting the `cn` as you see fit:
 
 Now generate the *unencrypted* server key.
 
-    $ certtool --generate-privkey > x509-server-key.pem
+    $ certtool --generate-privkey --outfile x509-server-key.pem
 
 And sign the key with your CA, adjusting the `cn` as you see fit, and
 changing `dns_name` to match your fully qualified host name.
-- 
2.26.2