Fix problem with dsakey generation command for encrypted key, mention thawte.

1 files changed, 10 insertions, 4 deletions

diff --git a/share/man/man8/ssl.8 b/share/man/man8/ssl.8
index 08c13436395..f634336bd94 100644
--- a/share/man/man8/ssl.8
+++ b/share/man/man8/ssl.8
@@ -153,13 +153,13 @@ paramters generated, you can generate a certificate
 and unencrypted private key using the command:
 .Bd -literal -offset indent
 # ssleay req -x509 -nodes -newkey dsa:dsa1024.pem \\
-  -out /etc/dsacert.pem -keyout /etc/ssl/private/dsakey.pem
+  -out /etc/ssl/dsacert.pem -keyout /etc/ssl/private/dsakey.pem
 .Ed
 .Pp
 To generate an encrypted private key, you would use:
 .Bd -literal -offset indent
-# ssleay req -x509 -nodes -newkey dsa:dsa1024.pem \\
-  -out /etc/dsacert.pem -keyout /etc/ssl/private/dsakey.pem
+# ssleay req -x509 -newkey dsa:dsa1024.pem \\
+  -out /etc/ssl/dsacert.pem -keyout /etc/ssl/private/dsakey.pem
 .Ed
 .Sh GENERATING RSA SERVER CERTIFICATES FOR WEB SERVERS
 To generate
@@ -201,7 +201,13 @@ This
 .Pa server.csr
 file can then be given to
 .Ar Certifying Authority
-who will sign the key.
+who will sign the key. One such CA is 
+.Ar Thawte Certification
+which you can reach at
+.Ar http://www.thawte.com/.
+Thawte can currently sign RSA keys for you. A procedure is being worked out
+to allow for DSA keys.
+.Pp
 You can also sign the key yourself, using the command:
 .Bd -literal -offset indent
 # ssleay x509 -req -days 365 -in /etc/ssl/private/server.csr \\