From 659dd8691cca5cf6eb13abd2d4965aaf0d5b8569 Mon Sep 17 00:00:00 2001
From: Jakub Czajka <jczajka@google.com>
Date: Sun, 29 Sep 2024 13:05:26 +0200
Subject: [PATCH] [ca] Document generating a certificate with legacy
 algorithms.

---
 ca/README | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ca/README b/ca/README
index 3b3071a..f35deb0 100644
--- a/ca/README
+++ b/ca/README
@@ -47,10 +47,11 @@ Import
 ------
 
 Transform the certificate and the private key [6]. Upload the result to the
-browser [7].
+browser [7]. Add `-legacy` to ensure algorithmic interoperability with legacy
+systems.
 
 ```
-$ openssl pkcs12 -export -inkey <name>.key -in <name>.crt -out <name>.p12
+$ openssl pkcs12 -export -legacy -inkey <name>.key -in <name>.crt -out <name>.p12
 ```
 
 Renew
@@ -68,3 +69,4 @@ The CRL file expires after 30 days by defualt. Renew it by recreating the files.
 [5] https://unix.stackexchange.com/a/348488
 [6] https://superuser.com/a/1628622
 [7] https://superuser.com/a/1577753
+[8] https://stackoverflow.com/a/74792849
-- 
2.39.5