tips: comparison tls.rst

equal deleted inserted replaced

-:f2450d4f1adc
+:5bb8692c080a
 openssl genrsa -des3 -out my.key -passout pass:123456 2048
 Generate DSA key::
 openssl gendsa -out my.key -passout pass:123456 <(openssl dsaparam 512)
+Select DSA curve::
+openssl ecparam -list_curves
 Generate a self-signed certificate
 ==================================
 ``openssl`` allows to generate self-signed certificate by a single command (``-newkey``
 -storetype pkcs12 -keyalg RSA -keysize 2048 -validity 3650 \
 -storepass 123456 \
 -dname "CN=localhost,O=home,C=US" \
 -ext 'san=dns:localhost,dns:web.internal,email:me@mail.internal'
+View the keystore::
+keytool -list -v -keystore my.p12 -storepass 123456
 To export the self-signed certificate::
 keytool -exportcert -keystore my.p12 -file my.crt \
 -alias master -rfc -storepass 123456
 PKCS#12 store keeps private keys and certificates, to combine a private key and certificates into the store::
 openssl pkcs12 -export -in my.crt -inkey my.key -certfile other.crt -out my.p12 -name master
+Show info about PKCS#12 store::
+openssl pkcs12 -info -in certtool-srv.p12 -passin pass:123456 -nodes
+keytool -list -v -keystore my.p12 -storepass 123456
 To export a private key to PKCS#8 format (has header ``BEGIN PRIVATE KEY`` or ``BEGIN ENCRYPTED
 PRIVATE KEY``)::
 openssl pkcs12 -info -nocerts -in my.p12 -passin pass:123456 -nodes
 To show private key info::
 openssl pkcs12 -info -nocerts -in my.p12 -passin pass:123456 -nodes | openssl rsa -text -noout
-To show certificat info::
+To show certificate info::
 openssl pkcs12 -info -nokeys -in my.p12 -passin pass:123456
 openssl pkcs12 -info -nokeys -in my.p12 -passin pass:123456 | openssl x509 -text -noout

changeset 2453	5bb8692c080a
parent 2451	892004bd19bb
child 2492	bd3d45148652