> After getting into building and especially configuring my own CA again I'm
> nearly at the end and I've noticed some errors in the documentation I want
> to report.

I like the "again" :)
 
> 3) On https://www.openssl.org/docs/apps/req.html the option -subj is listed
> twice with a slightly different explanation

That's a bug, we'll fix it. Thanks.

> 1) On https://www.openssl.org/docs/apps/ca.html for the -md option not all
> possible values (sha256, sha384, etc.) are listed but just md5, sha1 and mdc2
> 2) On https://www.openssl.org/docs/apps/req.html for the -[digest] option
> not all possible values are listed
> 4) On https://www.openssl.org/docs/apps/req.html for the default_md
> option not all possible values are listed (shouldn't this reference the
> -[digest] option)
> 5) On https://www.openssl.org/docs/apps/x509.html not all available
> options are listed in -md2|-md5|-sha1|-mdc2

Getting this correct is incredibly painful, as it depends on the configuration 
options chosen when building openssl, and right now the manpages are not 
affected by the config.  Our plan for this is to say "any supported digest."   
That will be updated in a couple of days, and then pushed to the website an 
hour or so later.
 
> I also would like to ask if there's a newer version (or subtree) of openssl
> that is cleaned up.

I don't know what you mean by this. 

> Currently there are many ways of creating a CSR, signing a
> certificate, etc. I think this is confusing everybody.

The CA script is a wrapper around the various commands, and is reasonable.  But 
we're not planning on removing any of the current mechanisms.  Ivan Ristic has 
a really great, free, OpenSSL cookbook that might be useful: 
https://www.feistyduck.com/books/openssl-cookbook/


_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
