commit 5eb842cd1fe524b062d059e675342a0ce29767a4
from: Omar Polo <op@omarpolo.com>
date: Fri Apr 08 14:08:33 2022 UTC

rework the 'running gmid as a daemon' example a bit

commit - 5f03bf170fc0575bdb2e3c8504b73fc571f97937
commit + 5eb842cd1fe524b062d059e675342a0ce29767a4
blob - cbed02e2a3fc2a25b75b3c871850825f79c511c9
blob + 1c0a3204c854514a4489ae68abb950384b3c9bff
--- gmid.1
+++ gmid.1
@@ -182,29 +182,26 @@ $ chmod +x docs/cgi/hello
 $ gmid -x '/cgi/*' docs
 .Ed
 .Pp
-An X.509 certificate must be provided to run
+To run
 .Nm
-using a configuration file.
-First, the RSA certificate is created using a wildcard common name:
+as a deamon a configuration file and a X.509 certificate must be provided.
+A self-signed certificate, which are commonly used in the Geminispace,
+can be generated using for e.g.\&
+.Xr openssl 1 :
 .Bd -literal -offset indent
-# openssl genrsa \-out /etc/ssl/private/example.com.key 4096
-# openssl req \-new \-x509 \e
-	\-key /etc/ssl/private/example.com.key \e
-	\-out /etc/ssl/example.com.crt \e
-	\-days 36500 \-nodes \e
-	\-subj "/CN=example.com"
+# openssl req \-x509 \-newkey rsa:4096 \-nodes \e
+	\-keyout /etc/ssl/private/example.com.key \e
+	\-out /etc/ssl/example.com.pem \e
+	\-days 365 \-subj "/CN=example.com"
 # chmod 600 /etc/ssl/example.com.crt
 # chmod 600 /etc/ssl/private/example.com.key
 .Ed
 .Pp
-In the example above, a certificate is valid for one hundred years from
-the date it was created, which is normal for TOFU.
-.Pp
-Then, to run
+Then
 .Nm
-as a daemon:
+can be started with
 .Bd -literal -offset indent
-$ gmid -c /etc/gmid.conf
+# gmid -c /etc/gmid.conf
 .Ed
 .Sh SEE ALSO
 .Xr gmid.conf 5