acmed(8), rsa(8): add role=client attribute to rsa keys

2021-12-06 15:40:18 +00:00 · 2021-12-06 15:40:18 +00:00 · be0b39f9c5
commit be0b39f9c5
parent 69249e8313
2 changed files with 3 additions and 3 deletions
--- a/sys/man/8/acmed
+++ b/sys/man/8/acmed
@ -159,7 +159,7 @@ On the TLS server side, you can generate a RSA key
 and certificate signing request file like this:
 .IP
 .EX
-auth/rsagen -t 'service=tls owner=*' > cert.key
+auth/rsagen -t 'service=tls role=client owner=*' > cert.key
 auth/rsa2csr 'CN=mydomain.com' cert.key \\
 	> /sys/lib/tls/acmed/mydomain.com.csr
 .EE
--- a/sys/man/8/rsa
+++ b/sys/man/8/rsa
@ -277,7 +277,7 @@ attribute on standard output.
 Generate a fresh key and use it to start a TLS-enabled web server:
 .IP
 .EX
-auth/rsagen -t 'service=tls owner=*' >key
+auth/rsagen -t 'service=tls role=client owner=*' >key
 auth/rsa2x509 'C=US CN=*.cs.bell-labs.com' key |
 	auth/pemencode CERTIFICATE >cert
 cat key >/mnt/factotum/ctl
@ -288,7 +288,7 @@ Generate a fresh key and configure a remote Unix system to
 allow use of that key for logins:
 .IP
 .EX
-auth/rsagen -t 'service=ssh' >key
+auth/rsagen -t 'service=ssh role=client' >key
 auth/rsa2ssh key | ssh unix 'cat >>.ssh/authorized_keys'
 cat key >/mnt/factotum/ctl
 ssh unix