fix a few README things
This commit is contained in:
parent
0f846cf8dd
commit
ff6cccce23
1 changed files with 17 additions and 18 deletions
35
README.md
35
README.md
|
@ -28,8 +28,8 @@ improve them as your system matures.
|
|||
- [Getting Started](#getting-started)
|
||||
- [Commonly Asked Questions](docs/common-questions.md)
|
||||
- [Recommended Defaults](docs/recommendations.md)
|
||||
- [Versioning](#versioning)
|
||||
- [How To Create A New Release](docs/distribution.md)
|
||||
- [Versioning](#versioning)
|
||||
- [LICENSE](./LICENSE)
|
||||
- [CHANGELOG](./CHANGELOG.md)
|
||||
|
||||
|
@ -208,11 +208,11 @@ To start the CA run:
|
|||
step-ca $STEPPATH/config/ca.step
|
||||
```
|
||||
|
||||
Consider populating a `defaults.json` file with a few variables that will
|
||||
make your command line experience much more pleasant.
|
||||
|
||||
### Set your defaults
|
||||
|
||||
This is optional, but we recommend you populate a `defaults.json` file with a
|
||||
few variables that will make your command line experience much more pleasant.
|
||||
|
||||
```
|
||||
$ cat > $STEPPATH/config/defaults.json
|
||||
{
|
||||
|
@ -222,12 +222,13 @@ $ cat > $STEPPATH/config/defaults.json
|
|||
}
|
||||
```
|
||||
|
||||
**ca-curl**: Use the DNS name and port that you used when initializing the CA.
|
||||
**root**: Path to the root certificate on the file system.
|
||||
* **ca-curl**: Use the DNS name and port that you used when initializing the CA.
|
||||
|
||||
* **root**: Path to the root certificate on the file system.
|
||||
|
||||
You can always override these values with command-line flags.
|
||||
|
||||
### Reload
|
||||
### Hot Reload
|
||||
|
||||
It is important that the CA be able to handle configuration changes with no downtime.
|
||||
Our CA has a built in `reload` function allowing it to:
|
||||
|
@ -249,19 +250,12 @@ $ step-ca ./.step/config/ca.json
|
|||
then, upon `reload`, the Step CA will read it's new configuration from the same
|
||||
configuration file.
|
||||
|
||||
* Step CA requires the password to decrypt the intermediate certificate again
|
||||
* Step CA requires the password to decrypt the intermediate certificate, again,
|
||||
upon `reload`. You can auotmate this in one of two ways:
|
||||
|
||||
* Use the `--password-file` flag in the original invocation.
|
||||
* Use the top level `password` attribute in the `ca.json` configuration file.
|
||||
|
||||
## Versioning
|
||||
|
||||
We use [SemVer](http://semver.org/) for versioning. For the versions available,
|
||||
see the [tags on this repository](https://github.com/smallstep/cli).
|
||||
|
||||
|
||||
|
||||
### Let's issue a certificate!
|
||||
|
||||
There are two steps to issuing a certificate at the command line:
|
||||
|
@ -334,7 +328,7 @@ Now let's add a provisioner for Jim.
|
|||
$ bin/step ca provisioner add jim@smallstep.com --create
|
||||
```
|
||||
|
||||
**NOTE**: This change will not affect the Step CA until a reload is forced by
|
||||
**NOTE**: This change will not affect the Step CA until a `reload` is forced by
|
||||
sending a SIGHUP signal to the process.
|
||||
|
||||
List the provisioners again and you will see that nothing has changed.
|
||||
|
@ -343,7 +337,7 @@ List the provisioners again and you will see that nothing has changed.
|
|||
$ bin/step ca provisioner list
|
||||
```
|
||||
|
||||
Now let's reload the CA. You will need to re-enter your intermediate
|
||||
Now let's `reload` the CA. You will need to re-enter your intermediate
|
||||
password unless it's in your `ca.json` or your are using `--password-file`.
|
||||
|
||||
```
|
||||
|
@ -366,7 +360,7 @@ the provisioners and finding the appropriate one. Then run:
|
|||
$ bin/step ca provisioner remove jim@smallstep.com --kid <kid>
|
||||
```
|
||||
|
||||
Then reload the CA and verify that Jim's provisioner is no longer returned
|
||||
Then `reload` the CA and verify that Jim's provisioner is no longer returned
|
||||
in the provisioner list.
|
||||
|
||||
We can also remove all of Jim's provisioners, supposing Jim forgot all the passwords
|
||||
|
@ -379,6 +373,11 @@ $ bin/step ca provisioner remove jim@smallstep.com --all
|
|||
The same entity may have multiple provisioners for authorizing different
|
||||
types of certs. Each of these provisioners must have unique keys.
|
||||
|
||||
## Versioning
|
||||
|
||||
We use [SemVer](http://semver.org/) for versioning. For the versions available,
|
||||
see the [tags on this repository](https://github.com/smallstep/cli).
|
||||
|
||||
## License
|
||||
|
||||
This project is licensed under the MIT License - see the
|
||||
|
|
Loading…
Reference in a new issue