From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 20 Aug 2018 12:05:28 +0000 (+0200)
Subject: SSLCERTS: improve the openssl command line
X-Git-Tag: curl-7_61_1~45
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9dad3bd6652224aa9a1ce1994a082b000243e09c;p=thirdparty%2Fcurl.git

SSLCERTS: improve the openssl command line

... for extracting certs from a live HTTPS server to make a cacerts.pem
from them.
---

diff --git a/docs/SSLCERTS.md b/docs/SSLCERTS.md
index 3fcd345b00..2c5be68e6a 100644
--- a/docs/SSLCERTS.md
+++ b/docs/SSLCERTS.md
@@ -92,8 +92,8 @@ server, do one of the following:
     If you use the 'openssl' tool, this is one way to get extract the CA cert
     for a particular server:
 
-     - `openssl s_client -connect xxxxx.com:443 |tee logfile`
-     - type "QUIT", followed by the "ENTER" key
+     - `openssl s_client -showcerts -servername server -connect server:443 > cacert.pem`
+     - type "quit", followed by the "ENTER" key
      - The certificate will have "BEGIN CERTIFICATE" and "END CERTIFICATE"
        markers.
      - If you want to see the data in the certificate, you can do: "openssl