Fix broken commands, complete the client-cert steps, modernize openssl usage#1
Open
shehio wants to merge 3 commits into
Open
Fix broken commands, complete the client-cert steps, modernize openssl usage#1shehio wants to merge 3 commits into
shehio wants to merge 3 commits into
Conversation
- Replace all 123 non-breaking spaces (U+00A0) with regular spaces; several sat inside code blocks and broke commands when pasted - Fix en dashes used as option flags (ssh -i, -pubout) - Fix /etc/apahce2 typo in the symlink command (would create a broken link and silently fail to enable the SSL site) - Add missing spaces between Apache directives and their paths (SSLCertificateFile/... is a syntax error in apache2.conf) - Fix run-together filenames in a sample ls output Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- Add the missing client certificate signing step: the tutorial created client.req and then referenced client.crt without ever showing how to sign it. Use a distinct serial (0x3E9) since two certificates from the same CA must not share one. - Sign explicitly with -sha256: openssl versions of the tutorial's era defaulted to SHA-1, which browsers reject (the README itself ran into this with Chrome). - Drop -extensions server from the server signing command: without -extfile it is ignored (current openssl warns "ignoring -extensions option without -extfile"). - Include the CA in the client.p12 via -certfile, matching the text's description of the file's contents. - Add a note that modern browsers require subjectAltName (CN is ignored), with the -addext one-liner for openssl >= 1.1.1. - Correct the PEM/DER note: base64 is an encoding, not encryption. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- openssl req man page moved: old apps/req.html URL now 404s, point to docs.openssl.org/master/man1/openssl-req/ - Ubuntu serverguide certificates page now redirects to a generic landing page; point to its successor on documentation.ubuntu.com - MSDN link redirects with tracking params; use the clean learn.microsoft.com URL - Upgrade remaining http:// references to https:// - Promote "Index:" to a proper markdown heading - Replace 17 narrow no-break spaces (U+202F) in the Index section with regular spaces; fix two small grammar slips Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This tutorial's commands had several issues that would trip up anyone following along verbatim. All changes preserve the tutorial's approach and structure; the full openssl sequence was re-run end-to-end against OpenSSL 3.6 to confirm it works.
Copy-paste correctness
keytool -importline), silently breaking commands when pasted.ssh –i→ssh -i,–pubout→-pubout)./etc/apahce2typo in theln -scommand, which would create a broken symlink and quietly fail to enable the SSL site.SSLCertificateFile/home/...is a config syntax error) and in a run-togetherlsoutput.Technical accuracy of the openssl steps
client.req, then referencedclient.crtwithout ever showing how to produce it. Used a distinct serial (0x3E9) since two certs issued by one CA must not share a serial.-sha256explicitly: openssl of the tutorial's era defaulted to SHA-1, which browsers reject — the README itself hit this with Chrome. Explicit-sha256keeps the tutorial working on old and new openssl alike.-extensions serverfrom the signing command: without-extfileit does nothing (current openssl warnsignoring -extensions option without -extfile).client.p12now actually contains the CA (-certfile CA.crt), matching the text's own description of the file.-addextone-liner for openssl ≥ 1.1.1.Links and hygiene
reqman-page link and the Ubuntu serverguide link that now redirects to a generic landing page; replaced the MSDN redirect with the clean learn.microsoft.com URL; upgraded remaininghttp://references tohttps://.Index:line to a proper heading; fixed two small grammar slips.No keys or certificates are committed to this repo (README-only tutorial), so nothing to flag there.
🤖 Generated with Claude Code
https://claude.ai/code/session_014qGzgE6vMaqymzipNFYTDT