CERTS(3): certificates for authentication
DESCRIPTION
Clive uses public key encryption in order to authenticate clients and servers. In the server machine, the server's private key must be stored in$HOME/.ssh/server.key (PEM
encoding) and the client's autosigned X.509 certificate must be stored
in $HOME/.ssh/client.pem. In the client
machine, the private key must be stored in
$HOME/.ssh/client.key and the server's
certificate must be stored in
$HOME/.ssh/server.pem.
The private key and the certificate with the public key can be
generated with openssl. For example, in the
server:
; cd $HOME/.ssh
; openssl req -new -nodes -x509 -out server.pem \
-keyout server.key -days 500 -subj \
"/C=DE/ST=NRW/L=Earth/O=Random \
Company/OU=IT/CN=lsub.org/emailAddress=dont@mail.me"
The web(1) command uses
/zx/lib/webkey.pem for the private key and
/zx/lib/webcert.pem for the certificate, for
TLS connections.
SEE ALSO
