From f863ca03a0a635019f2e3dd92333f9e3b96d833f Mon Sep 17 00:00:00 2001
From: Priit Tark
Date: Mon, 2 Mar 2015 17:26:49 +0200
Subject: [PATCH] Sertificate readme refactor and updated application-example file
---
 config/application-example.yml | 4 ++++
 doc/certificates.md | 20 ++++++++++----------
 2 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/config/application-example.yml b/config/application-example.yml
index 5021eb195..594522fd0 100644
--- a/config/application-example.yml
+++ b/config/application-example.yml
@@ -21,3 +21,7 @@ webclient_ip: '127.0.0.1'
 # autotest config overwrites
 test:
 webclient_ip: '127.0.0.1' # it should match to localhost ip address
+ ca_cert_path: '/var/lib/jenkins/workspace/registry/ca/certs/ca.crt.pem'
+ ca_key_path: '/var/lib/jenkins/workspace/registry/ca/private/ca.key.pem'
+ ca_key_password: 'test'
+
diff --git a/doc/certificates.md b/doc/certificates.md
index aba420862..647c59164 100644
--- a/doc/certificates.md
+++ b/doc/certificates.md
@@ -16,6 +16,16 @@ Private key and certificate must be packaged to pkcs12 and added to user browser
 
 ### Registry setup
 
+Setup CA directory in shared directory:
+
+ cd /home/registry/registry/shared
+ mkdir ca ca/certs ca/crl ca/newcerts ca/private ca/csrs
+ cd ca
+ chmod 700 private
+ touch index.txt
+ echo 1000 > serial
+ echo 1000 > crlnumber
+
 Configure OpenSSL:
 
 sudo cp /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf.bak
@@ -53,16 +63,6 @@ Make sure the following options are in place:
 basicConstraints = CA:true # around line nr 240
 keyUsage = cRLSign, keyCertSign # around line nr 245
 
-Setup CA directory in shared directory:
-
- cd /home/registry/registry/shared
- mkdir ca ca/certs ca/crl ca/newcerts ca/private ca/csrs
- cd ca
- chmod 700 private
- touch index.txt
- echo 1000 > serial
- echo 1000 > crlnumber
-
 Generate the root key and remember your password, you need it later in application.yml:
 
 openssl genrsa -aes256 -out private/ca.key.pem 4096
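Review bot: The `ca_key_password: 'test'` line added in the config/application-example.yml hunk puts a CA key passphrase inline in the file that gets copied to create a real application.yml, and nothing marks it as a throwaway value. Whoever holds the CA key and its passphrase can sign certificates under that CA, so I would add a comment above the three new keys such as `# autotest-only CA: use a separate key and a strong passphrase for any real deployment, and keep application.yml readable by the app user only`. The `/var/lib/jenkins/workspace/...` paths are specific to one CI host; a short comment that they must point at the `ca/` directory described in doc/certificates.md would make the example portable. The new keys appear to sit under `test:` only (indentation is lost in this view), so it may also be worth showing where non-test environments are expected to set them.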