From e56a312a8da1e1dd6b108d5794b2833c0ba7014c Mon Sep 17 00:00:00 2001 From: tedu Date: Sat, 8 Jul 2017 02:13:36 +0000 Subject: [PATCH] add a hint about subjectAltName. this isn't great, but i'm not sure how to improve it without muddying up the whole page, and at a minimum it gives the reader a clue about some concepts to search the web for. if you can do better, make it so. :) --- share/man/man8/ssl.8 | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/share/man/man8/ssl.8 b/share/man/man8/ssl.8 index d69c46f8c0b..2a7641b921c 100644 --- a/share/man/man8/ssl.8 +++ b/share/man/man8/ssl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssl.8,v 1.64 2016/06/06 15:26:04 sthen Exp $ +.\" $OpenBSD: ssl.8,v 1.65 2017/07/08 02:13:36 tedu Exp $ .\" .\" Copyright (c) 1999 Theo de Raadt, Bob Beck .\" All rights reserved. @@ -23,7 +23,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 6 2016 $ +.Dd $Mdocdate: July 8 2017 $ .Dt SSL 8 .Os .Sh NAME @@ -94,6 +94,16 @@ You can also sign the key yourself, using the command: -out /etc/ssl/server.crt .Ed .Pp +Note that some new browsers have deprecated using the common name of a +certifate and require that subject alt names be provided. +This may require the use of +.Ar -extfile Pa server.ext +when self-signing. +.Bd -literal -offset indent +# this is an example server.ext file +subjectAltName=DNS:example.com,DNS:www.example.com +.Ed +.Pp With .Pa /etc/ssl/server.crt and -- 2.20.1