This diff fixes a few grammar/punctuation issues and missing words on the ssl(8) man page. I have also added some text to make it flow better.
ok? Index: ssl.8 =================================================================== RCS file: /cvs/src/share/man/man8/ssl.8,v retrieving revision 1.50 diff -u -p -r1.50 ssl.8 --- ssl.8 27 May 2012 07:04:52 -0000 1.50 +++ ssl.8 15 Jun 2012 04:05:34 -0000 @@ -66,7 +66,7 @@ device does not exist or is not readable This is most commonly seen by users as the .Ar RSA routines failing in applications such as -.Xr ssh 1 , +.Xr ssh 1 and .Xr httpd 8 . .Pp @@ -109,12 +109,20 @@ transactions in you will need to generate an .Ar RSA certificate. +The first step is to generate a key using a command like the following: .Bd -literal -offset indent # openssl genrsa -out /etc/ssl/private/server.key 2048 .Ed .Pp -Or, if you wish the key to be encrypted with a passphrase that you will -have to type in when starting servers +This command would generate a +2048 bit +.Ar RSA +key and save it to the file +file +.Pa /etc/ssl/private/server.key . +.Pp +Alternatively, if you wish the key to be encrypted with a passphrase +that you will have to type in when starting servers, use the command: .Bd -literal -offset indent # openssl genrsa -aes256 -out /etc/ssl/private/server.key 2048 .Ed @@ -166,7 +174,7 @@ you can switch to using the new certific .Pa /etc/ssl/server.crt with the certificate signed by your Certificate Authority, and then restarting -.Xr httpd 8 +.Xr httpd 8 . .Sh GENERATING DSA SERVER CERTIFICATES Generating a .Ar DSA @@ -178,7 +186,7 @@ parameter set with a command like the fo # openssl dsaparam 1024 -out dsa1024.pem .Ed .Pp -Would generate +This command would generate .Ar DSA parameters for 1024 bit .Ar DSA @@ -189,7 +197,7 @@ file Once you have the .Ar DSA parameters generated, you can generate a certificate -and unencrypted private key using the command: +and an unencrypted private key using the command: .Bd -literal -offset indent # openssl req -x509 -nodes -newkey dsa:dsa1024.pem \e -out /etc/ssl/dsacert.pem -keyout /etc/ssl/private/dsakey.pem
