ref: be0b39f9c57cc4c2768c341fcf87a15fcab0165c
parent: 69249e8313fb8853c5c162dd16b927099e25bb15
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Mon Dec 6 10:40:18 EST 2021
acmed(8), rsa(8): add role=client attribute to rsa keys
--- a/sys/man/8/acmed
+++ b/sys/man/8/acmed
@@ -159,7 +159,7 @@
and certificate signing request file like this:
.IP
.EX
-auth/rsagen -t 'service=tls owner=*' > cert.key
+auth/rsagen -t 'service=tls role=client owner=*' > cert.key
auth/rsa2csr 'CN=mydomain.com' cert.key \\
> /sys/lib/tls/acmed/mydomain.com.csr
.EE
--- a/sys/man/8/rsa
+++ b/sys/man/8/rsa
@@ -277,7 +277,7 @@
Generate a fresh key and use it to start a TLS-enabled web server:
.IP
.EX
-auth/rsagen -t 'service=tls owner=*' >key
+auth/rsagen -t 'service=tls role=client owner=*' >key
auth/rsa2x509 'C=US CN=*.cs.bell-labs.com' key |
auth/pemencode CERTIFICATE >cert
cat key >/mnt/factotum/ctl
@@ -288,7 +288,7 @@
allow use of that key for logins:
.IP
.EX
-auth/rsagen -t 'service=ssh' >key
+auth/rsagen -t 'service=ssh role=client' >key
auth/rsa2ssh key | ssh unix 'cat >>.ssh/authorized_keys'
cat key >/mnt/factotum/ctl
ssh unix