author Chris St. Pierre <chris.a.st.pierre@gmail.com> 2012-06-13 14:36:39 -0400
committer Chris St. Pierre <chris.a.st.pierre@gmail.com> 2012-06-13 14:36:39 -0400
commit f379b0e43cfa0137379ad0f78f48223eba7db61a
tree eeaea3ca39c31efdb09039a67a2a30fd540b4c7e /doc
parent 5114a9855a34eed4180bc9b724331927f88c8dfb
improved SSLCA verification routines and logging
Diffstat (limited to 'doc')
-rw-r--r-- doc/server/plugins/generators/sslca.txt 8
1 files changed, 7 insertions, 1 deletions
diff --git a/doc/server/plugins/generators/sslca.txt b/doc/server/plugins/generators/sslca.txt
index 8e33148cb..d2b051535 100644
--- a/doc/server/plugins/generators/sslca.txt
+++ b/doc/server/plugins/generators/sslca.txt
@@ -33,7 +33,7 @@ must contain full (not relative) paths.
#. Add SSLCA to the **plugins** line in ``/etc/bcfg2.conf`` and restart the
server -- This enabled the SSLCA plugin on the Bcfg2 server.
-#. Add a section to your ``/etc/bcfg2.conf`` called sslca_foo, replacing foo
+#. Add a section to your ``/etc/bcfg2.conf`` called ``sslca_foo``, replacing foo
with the name you wish to give your CA so you can reference it in certificate
definitions.
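Review bot: On the changed line, ``sslca_foo`` now carries literal markup but the placeholder in "replacing foo" on the same line does not, so the reader cannot tell at a glance which part of the section name is fixed and which part is theirs to choose. Mark the placeholder as well (for example ``foo``). While this list is being touched, the context line above reads "This enabled the SSLCA plugin", which should be "enables".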
@@ -51,6 +51,12 @@ must contain full (not relative) paths.
specification. If you're using a self signing CA this would be the CA cert
that you generated.
+#. Optionally, add ``verify_certs = false`` if you don't wish to
+ perform certificate verification on the certs SSLCA generates.
+ Verification includes ``openssl verify`` to verify the CA chain,
+ and ensuring that both the key file and certificate file contain
+ the same key.
+
#. Once all this is done, you should have a section in your ``/etc/bcfg2.conf``
that looks similar to the following::
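Review bot: The new ``verify_certs`` item documents only the opt-out and leaves three things unstated: the default value, which section of ``/etc/bcfg2.conf`` the option belongs in, and what the server does when one of the checks fails. The wording implies verification is on unless ``verify_certs = false`` is set; say so explicitly, name the section the option goes in, and describe the failure result, since an admin who turns this off loses both the ``openssl verify`` chain check and the check that the key file and certificate file contain the same key. The example config introduced by "looks similar to the following::" is not changed by this patch (the two hunks account for all 7 insertions in the diffstat), so consider showing the option there as well.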