[packages/cups.git] / cups-ENCRYPTIONtxt.patch

--- cups-1.1.10/ENCRYPTION.txt.orig	Thu Jan  4 07:42:35 2001
+++ cups-1.1.10/ENCRYPTION.txt	Thu Jan  4 09:23:15 2001
@@ -94,6 +94,8 @@
 properly signed it will generate all kinds of warnings in
 Netscape and MSIE:
 
+    mkdir /etc/cups/ssl
+
     openssl req -new -x509 -keyout /etc/cups/ssl/server.key \
         -out /etc/cups/ssl/server.crt -days 365 -nodes
 
@@ -103,6 +105,51 @@
 encrypted.  The cupsd process runs in the background, detached
 from any input source; if you encrypt these files then cupsd
 will not be able to load them!
+
+If the above "openssl" command issues messages as
+
+    Using configuration from /usr/lib/ssl/openssl.cnf
+    Unable to load config info
+
+and later on
+
+    unable to find 'distinguished_name'
+    problems making Certificate Request
+
+create a file /usr/lib/ssl/openssl.cnf (or how it was called in the
+error message) containing
+
+-----------------openssl.cnf-------------------------------------------
+
+[ req ]
+distinguished_name     = req_distinguished_name
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = US
+countryName_min                = 2
+countryName_max                = 2
+localityName                   = Locality Name (eg, city)
+organizationalUnitName         = Organizational Unit Name (eg, section)
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+emailAddress                   = Email Address
+emailAddress_max               = 40
+
+-----------------------------------------------------------------------
+
+and repeat the two commands. Now you will be asked some questions and
+the certificate will be generated.
+
+Give the commands
+
+   man req
+
+and
+
+   man openssl
+
+if you have further questions. See especially the "DIAGNOSTICS" and
+"EXAMPLES" sections of the "req" man page.
 
 Send all rants about non-encrypted certificate and key files to
 /dev/null.  It makes sense to encrypt user files, but not for
Commit	Line	Data
d153bbe3	1	--- cups-1.1.10/ENCRYPTION.txt.orig Thu Jan 4 07:42:35 2001
	2	+++ cups-1.1.10/ENCRYPTION.txt Thu Jan 4 09:23:15 2001
	3	@@ -94,6 +94,8 @@
	4	properly signed it will generate all kinds of warnings in
	5	Netscape and MSIE:
	6
	7	+ mkdir /etc/cups/ssl
	8	+
	9	openssl req -new -x509 -keyout /etc/cups/ssl/server.key \
	10	-out /etc/cups/ssl/server.crt -days 365 -nodes
	11
	12	@@ -103,6 +105,51 @@
	13	encrypted. The cupsd process runs in the background, detached
	14	from any input source; if you encrypt these files then cupsd
	15	will not be able to load them!
	16	+
	17	+If the above "openssl" command issues messages as
	18	+
	19	+ Using configuration from /usr/lib/ssl/openssl.cnf
	20	+ Unable to load config info
	21	+
	22	+and later on
	23	+
	24	+ unable to find 'distinguished_name'
	25	+ problems making Certificate Request
	26	+
	27	+create a file /usr/lib/ssl/openssl.cnf (or how it was called in the
	28	+error message) containing
	29	+
	30	+-----------------openssl.cnf-------------------------------------------
	31	+
	32	+[ req ]
	33	+distinguished_name = req_distinguished_name
	34	+[ req_distinguished_name ]
	35	+countryName = Country Name (2 letter code)
	36	+countryName_default = US
	37	+countryName_min = 2
	38	+countryName_max = 2
	39	+localityName = Locality Name (eg, city)
	40	+organizationalUnitName = Organizational Unit Name (eg, section)
	41	+commonName = Common Name (eg, YOUR name)
	42	+commonName_max = 64
	43	+emailAddress = Email Address
	44	+emailAddress_max = 40
	45	+
	46	+-----------------------------------------------------------------------
	47	+
	48	+and repeat the two commands. Now you will be asked some questions and
	49	+the certificate will be generated.
	50	+
	51	+Give the commands
	52	+
	53	+ man req
	54	+
	55	+and
	56	+
	57	+ man openssl
	58	+
	59	+if you have further questions. See especially the "DIAGNOSTICS" and
	60	+"EXAMPLES" sections of the "req" man page.
	61
	62	Send all rants about non-encrypted certificate and key files to
	63	/dev/null. It makes sense to encrypt user files, but not for