# HG changeset patch
# User Oleksandr Gavenko <gavenkoa@gmail.com>
# Date 1604823674 -7200
# Node ID 5bb8692c080a56a24abef4ee4ee23a3a40145db3
# Parent  f2450d4f1adcebcb4c9dd9506af2ab46117202d4
Show info about PKCS#12 store.

diff -r f2450d4f1adc -r 5bb8692c080a tls.rst
--- a/tls.rst	Sun Nov 08 09:50:50 2020 +0200
+++ b/tls.rst	Sun Nov 08 10:21:14 2020 +0200
@@ -16,6 +16,10 @@
 
   openssl gendsa -out my.key -passout pass:123456 <(openssl dsaparam 512)
 
+Select DSA curve::
+
+  openssl ecparam -list_curves
+
 Generate a self-signed certificate
 ==================================
 
@@ -79,6 +83,10 @@
     -dname "CN=localhost,O=home,C=US" \
     -ext 'san=dns:localhost,dns:web.internal,email:me@mail.internal'
 
+View the keystore::
+
+  keytool -list -v -keystore my.p12 -storepass 123456
+
 To export the self-signed certificate::
 
   keytool -exportcert -keystore my.p12 -file my.crt \
@@ -113,6 +121,11 @@
 
   openssl pkcs12 -export -in my.crt -inkey my.key -certfile other.crt -out my.p12 -name master
 
+Show info about PKCS#12 store::
+
+  openssl pkcs12 -info -in certtool-srv.p12 -passin pass:123456 -nodes
+  keytool -list -v -keystore my.p12 -storepass 123456
+
 To export a private key to PKCS#8 format (has header ``BEGIN PRIVATE KEY`` or ``BEGIN ENCRYPTED
 PRIVATE KEY``)::
 
@@ -127,7 +140,7 @@
 
   openssl pkcs12 -info -nocerts -in my.p12 -passin pass:123456 -nodes | openssl rsa -text -noout
 
-To show certificat info::
+To show certificate info::
 
   openssl pkcs12 -info -nokeys -in my.p12 -passin pass:123456
   openssl pkcs12 -info -nokeys -in my.p12 -passin pass:123456 | openssl x509 -text -noout