man.postnix Miscellaneous man pages of Plan 9 related material

     CERTS(3): certificates for authentication
     __________________________________________________

     DESCRIPTION

     Clive uses public key encryption in order to authenticate clients
     and  servers.   In  the  server machine, the server's private key
     must be stored in $HOME/.ssh/server.key (PEM  encoding)  and  the
     client's   autosigned   X.509   certificate  must  be  stored  in
     $HOME/.ssh/client.pem. In the client  machine,  the  private  key
     must   be   stored  in  $HOME/.ssh/client.key  and  the  server's
     certificate must be stored in $HOME/.ssh/server.pem.

     The private key and the certificate with the public  key  can  be
     generated with openssl. For example, in the server:

         ; cd $HOME/.ssh
         ; openssl req -new -nodes -x509 -out server.pem \
             -keyout server.key -days 500 -subj \
             '/C=DE/ST=NRW/L=Earth/O=Random \
             Company/OU=IT/CN=lsub.org/emailAddress=dont@mail.me'

     The web(1) command uses /zx/lib/webkey.pem for  the  private  key
     and /zx/lib/webcert.pem for the certificate, for TLS connections.

     SEE ALSO

     +o    xzx(1)

     +o    zxfuse(1)

     +o    auth(1)

     __________________________________________________

      User's manual. Section 3. Copyright © LSUB 2014-2016