Clarify that you're supposed to send the certificate request to the CA,

rather than your private key. Suggested by: Brett Schroeder <brett at brettschroeder dot name>
svn path=/head/; revision=24580
2005-05-14 11:01:22 +00:00 · 2005-05-14 11:01:22 +00:00 · 5c7a8052ed · 2020-12-08 03:00:23 +00:00
commit 5c7a8052ed
parent 6f5b5fac0e
1 changed files with 9 additions and 4 deletions
--- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
@ -3072,10 +3072,15 @@ An optional company name []:<userinput><replaceable>Another Name</replaceable></
 	are available.  A complete list may be obtained by viewing
 	the &man.openssl.1; manual page.</para>

-      <para>A <filename>cert.pem</filename> file should now exist in
-	the directory which the aforementioned command was issued.  This
-	is the certificate which may be sent to any
-	<acronym>CA</acronym> for signing.</para>
+      <para>Two files should now exist in
+	the directory in which the aforementioned command was issued.
+	The certificate request, <filename>req.pem</filename>, may be
+	sent to a certificate authority who will validate the credentials
+	that you entered, sign the request and return the certificate to
+	you.  The second file created will be named <filename>cert.pem</filename>
+	and is the private key for the certificate and should be
+	protected at all costs; if this falls in the hands of others it
+	can be used to impersonate you (or your server).</para>

      <para>In cases where a signature from a <acronym>CA</acronym> is
 	not required, a self signed certificate can be created.  First,