acmed(8), rsa(8): add role=client attribute to rsa keys

author: cinap_lenrek <cinap_lenrek@felloff.net> 2021-12-06 15:40:18 +0000
committer: cinap_lenrek <cinap_lenrek@felloff.net> 2021-12-06 15:40:18 +0000
commit: be0b39f9c57cc4c2768c341fcf87a15fcab0165c (patch)
tree: 90eeb738264fb0dc2892d3dd48428e34e0e1745d /sys/man/8
parent: 69249e8313fb8853c5c162dd16b927099e25bb15 (diff)
2 files changed, 3 insertions, 3 deletions
diff --git a/sys/man/8/acmed b/sys/man/8/acmed
index 4a0291df4..7eb924316 100644
--- a/sys/man/8/acmed
+++ b/sys/man/8/acmed
@@ -159,7 +159,7 @@ On the TLS server side, you can generate a RSA key
 and certificate signing request file like this:
 .IP
 .EX
-auth/rsagen -t 'service=tls owner=*' > cert.key
+auth/rsagen -t 'service=tls role=client owner=*' > cert.key
 auth/rsa2csr 'CN=mydomain.com' cert.key \\
 	> /sys/lib/tls/acmed/mydomain.com.csr
 .EE
diff --git a/sys/man/8/rsa b/sys/man/8/rsa
index 92ccba315..832642457 100644
--- a/sys/man/8/rsa
+++ b/sys/man/8/rsa
@@ -277,7 +277,7 @@ attribute on standard output.
 Generate a fresh key and use it to start a TLS-enabled web server:
 .IP
 .EX
-auth/rsagen -t 'service=tls owner=*' >key
+auth/rsagen -t 'service=tls role=client owner=*' >key
 auth/rsa2x509 'C=US CN=*.cs.bell-labs.com' key |
 	auth/pemencode CERTIFICATE >cert
 cat key >/mnt/factotum/ctl
@@ -288,7 +288,7 @@ Generate a fresh key and configure a remote Unix system to
 allow use of that key for logins:
 .IP
 .EX
-auth/rsagen -t 'service=ssh' >key
+auth/rsagen -t 'service=ssh role=client' >key
 auth/rsa2ssh key | ssh unix 'cat >>.ssh/authorized_keys'
 cat key >/mnt/factotum/ctl
 ssh unix
author	cinap_lenrek <cinap_lenrek@felloff.net>	2021-12-06 15:40:18 +0000
committer	cinap_lenrek <cinap_lenrek@felloff.net>	2021-12-06 15:40:18 +0000
commit	be0b39f9c57cc4c2768c341fcf87a15fcab0165c (patch)
tree	90eeb738264fb0dc2892d3dd48428e34e0e1745d /sys/man/8
parent	69249e8313fb8853c5c162dd16b927099e25bb15 (diff)