alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Fixed some README.md formatting

Browse source
This commit is contained in:
Michael Malone 2019-08-30 17:58:52 -07:00 committed by GitHub
parent 8e46cf0522
commit f25e953bf0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
README.md
View file

@ -100,8 +100,7 @@ While `step` is not required to run `step-ca`, it will make your life easier so
Install `step` and `step-ca` together via [Homebrew](https://brew.sh/):
<pre><code>
<b>$ brew install step</b>
<pre><code><b>$ brew install step</b>
# Test installation ...
<b>$ step certificate inspect https://smallstep.com</b>
@ -111,15 +110,15 @@ Certificate:
Serial Number: 326381749415081530968054238478851085504954 (0x3bf265673332db2d0c70e48a163fb7d11ba)
Signature Algorithm: SHA256-RSA
Issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
...
</code></pre>
...</code></pre>
> Note: If you have installed `step` previously through the `smallstep/smallstep`
> tap you will need to run the following commands before installing:
```
$ brew untap smallstep/smallstep
$ brew uninstall step
```
>
> ```
> $ brew untap smallstep/smallstep
> $ brew uninstall step
> ```
### Linux
@ -180,15 +179,13 @@ helm install step-certificates
### Test
<pre><code>
<b>$ step version</b>
<pre><code><b>$ step version</b>
Smallstep CLI/0.10.0 (darwin/amd64)
Release Date: 2019-04-30 19:01 UTC
<b>$ step-ca version</b>
Smallstep CA/0.10.0 (darwin/amd64)
Release Date: 2019-04-30 19:02 UTC
</code></pre>
Release Date: 2019-04-30 19:02 UTC</code></pre>
## Quickstart
@ -206,8 +203,7 @@ communication. Let's get started!
#### 1. Run `step ca init` to create your CA's keys & certificates and configure `step-ca`:
<pre><code>
<b>$ step ca init</b>
<pre><code><b>$ step ca init</b>
✔ What would you like to name your new PKI? (e.g. Smallstep): <b>Example Inc.</b>
✔ What DNS names or IP addresses would you like to add to your new CA? (e.g. ca.smallstep.com[,1.1.1.1,etc.]): <b>localhost</b>
✔ What address will your new CA listen at? (e.g. :443): <b>127.0.0.1:8080</b>
@ -228,8 +224,7 @@ all done!
✔ Default configuration: /Users/bob/src/github.com/smallstep/step/.step/config/defaults.json
✔ Certificate Authority configuration: /Users/bob/src/github.com/smallstep/step/.step/config/ca.json
Your PKI is ready to go. To generate certificates for individual services see 'step help ca'.
</code></pre>
Your PKI is ready to go. To generate certificates for individual services see 'step help ca'.</code></pre>
This command will:
@ -243,11 +238,9 @@ You can find these artifacts in `$STEPPATH` (or `~/.step` by default).
You'll be prompted for your password from the previous step, to decrypt the CA's private signing key:
<pre><code>
<b>$ step-ca $(step path)/config/ca.json</b>
<pre><code><b>$ step-ca $(step path)/config/ca.json</b>
Please enter the password to decrypt /Users/bob/src/github.com/smallstep/step/.step/secrets/intermediate_ca_key: <b>abc123</b>
2019/02/18 13:28:58 Serving HTTPS on 127.0.0.1:8080 ...
</code></pre>
2019/02/18 13:28:58 Serving HTTPS on 127.0.0.1:8080 ...</code></pre>
#### 3. Copy our `hello world` golang server.
@ -277,8 +270,7 @@ EOF
#### 4. Get an identity for your server from the Step CA.
<pre><code>
<b>$ step ca certificate localhost srv.crt srv.key</b>
<pre><code><b>$ step ca certificate localhost srv.crt srv.key</b>
✔ Key ID: rQxROEr7Kx9TNjSQBTETtsu3GKmuW9zm02dMXZ8GUEk (bob@example.com)
✔ Please enter the password to decrypt the provisioner key: abc123
✔ CA: https://localhost:8080/1.0/sign
@ -307,32 +299,25 @@ Certificate:
Not Before: Feb 18 21:27:21 2019 UTC
Not After : Feb 15 21:27:21 2029 UTC
Subject: CN=Example Inc. Intermediate CA
...
</code></pre>
...</code></pre>
Note that `step` and `step-ca` handle details like [certificate bundling](https://smallstep.com/blog/everything-pki.html#intermediates-chains-and-bundling) for you.
#### 5. Run the simple server.
<pre><code>
<b>$ go run srv.go &</b>
</code></pre>
<pre><code><b>$ go run srv.go &</b></code></pre>
#### 6. Get the root certificate from the Step CA.
In a new Terminal window:
<pre><code>
<b>$ step ca root root.crt</b>
The root certificate has been saved in root.crt.
</code></pre>
<pre><code><b>$ step ca root root.crt</b>
The root certificate has been saved in root.crt.</code></pre>
#### 7. Make an authenticated, encrypted curl request to your server using HTTP over TLS.
<pre><code>
<b>$ curl --cacert root.crt https://localhost:8443/hi</b>
Hello, world!
</code></pre>
<pre><code><b>$ curl --cacert root.crt https://localhost:8443/hi</b>
Hello, world!</code></pre>
*All Done!*