Grobix · August 29, 2015 14:26 · Jul 30, 2015 · Jul 30, 2015 · Jul 30, 2015 · Jul 30, 2015
diff --git a/ssl.md b/ssl.md
@@ -1,6 +1,12 @@
 These commands are needed every time you want to generate a new certificate
 signing request to give to an authority in order for them to generate and sign
-a certificate for you. Good info on https://www.h2check.org/deploy
+a certificate for you.
+
+I constantly forget how this stuff works so I collected the most important ones
+here for easy copy & paste.
+
+There is good information available on https://www.h2check.org/deploy, and they
+also go into detail on HTTP/2.
 
 ## Generate new private key
 

diff --git a/ssl.md b/ssl.md
@@ -37,3 +37,13 @@ http://blog.ivanristic.com/2013/06/ssl-labs-deploying-forward-secrecy.html
 ```shell
 $ openssl dhparam -out dhparam.pem 2048
 ```
+
+## Self signed cert
+
+Use this to test SSL config on localhost but realize that *these certs will not be trusted by browsers*.
+
+```shell
+$ openssl req -x509 -newkey rsa:2048 -keyout example.com.key -out example.com.crt -days 365 -nodes
+```
+
+`-nodes` means that the private key will be unencrypted.
diff --git a/ssl.md b/ssl.md
@@ -32,6 +32,8 @@ $ openssl req -noout -text -in example.com.csr
 
 ## Diffie-Hellman paratemers
 
+http://blog.ivanristic.com/2013/06/ssl-labs-deploying-forward-secrecy.html
+
 ```shell
 $ openssl dhparam -out dhparam.pem 2048
 ```
diff --git a/ssl.md b/ssl.md
@@ -1,31 +1,37 @@
 These commands are needed every time you want to generate a new certificate
 signing request to give to an authority in order for them to generate and sign
-a certificate for you. https://www.h2check.org/deploy
+a certificate for you. Good info on https://www.h2check.org/deploy
 
-# Generate new private key
+## Generate new private key
 
 This is **unencrypted and must be kept private**.
 
 ```shell
 $ openssl genrsa -out example.com.key 2048
 ```
 
-# Generate Certificate Signing Request (CSR) using the private key
+## Generate Certificate Signing Request (CSR) using the private key
 
 ```shell
 $ openssl req -new -sha256 -key example.com.key -out example.com.csr
 ```
 
-# Single command
+## Single command
 
 ```shell
 $ openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr
 ```
 
-# Check a CSR
+## Check a CSR
 
 This allows you to check the information enclosed in a CSR.
 
 ```shell
 $ openssl req -noout -text -in example.com.csr
 ```
+
+## Diffie-Hellman paratemers
+
+```shell
+$ openssl dhparam -out dhparam.pem 2048
+```
diff --git a/ssl.md b/ssl.md
@@ -1,6 +1,6 @@
 These commands are needed every time you want to generate a new certificate
 signing request to give to an authority in order for them to generate and sign
-a certificate for you.
+a certificate for you. https://www.h2check.org/deploy
 
 # Generate new private key
 
@@ -29,5 +29,3 @@ This allows you to check the information enclosed in a CSR.
 ```shell
 $ openssl req -noout -text -in example.com.csr
 ```
-
-https://www.h2check.org/deploy
diff --git a/ssl.md b/ssl.md
@@ -2,21 +2,21 @@ These commands are needed every time you want to generate a new certificate
 signing request to give to an authority in order for them to generate and sign
 a certificate for you.
 
-# generate new private key
+# Generate new private key
 
 This is **unencrypted and must be kept private**.
 
 ```shell
 $ openssl genrsa -out example.com.key 2048
 ```
 
-# generate Certificate Signing Request (CSR) using the private key
+# Generate Certificate Signing Request (CSR) using the private key
 
 ```shell
 $ openssl req -new -sha256 -key example.com.key -out example.com.csr
 ```
 
-# all in one command
+# Single command
 
 ```shell
 $ openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr
@@ -28,4 +28,6 @@ This allows you to check the information enclosed in a CSR.
 
 ```shell
 $ openssl req -noout -text -in example.com.csr
-```
+```
+
+https://www.h2check.org/deploy
diff --git a/ssl.md b/ssl.md
@@ -1,5 +1,11 @@
+These commands are needed every time you want to generate a new certificate
+signing request to give to an authority in order for them to generate and sign
+a certificate for you.
+
 # generate new private key
 
+This is **unencrypted and must be kept private**.
+
 ```shell
 $ openssl genrsa -out example.com.key 2048
 ```
@@ -10,14 +16,16 @@ $ openssl genrsa -out example.com.key 2048
 $ openssl req -new -sha256 -key example.com.key -out example.com.csr
 ```
 
-# all in one go
+# all in one command
 
 ```shell
 $ openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr
 ```
 
 # Check a CSR
 
+This allows you to check the information enclosed in a CSR.
+
 ```shell
 $ openssl req -noout -text -in example.com.csr
 ```
diff --git a/ssl.md b/ssl.md
@@ -0,0 +1,23 @@
+# generate new private key
+
+```shell
+$ openssl genrsa -out example.com.key 2048
+```
+
+# generate Certificate Signing Request (CSR) using the private key
+
+```shell
+$ openssl req -new -sha256 -key example.com.key -out example.com.csr
+```
+
+# all in one go
+
+```shell
+$ openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr
+```
+
+# Check a CSR
+
+```shell
+$ openssl req -noout -text -in example.com.csr
+```