mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Fixed some README.md formatting

Browse source
This commit is contained in:
Michael Malone 2019-08-30 17:58:52 -07:00 committed by GitHub
parent 8e46cf0522
commit f25e953bf0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
README.md
View file

@ -100,8 +100,7 @@ While `step` is not required to run `step-ca`, it will make your life easier so
Install `step` and `step-ca` together via [Homebrew](https://brew.sh/): Install `step` and `step-ca` together via [Homebrew](https://brew.sh/):
<pre><code> <pre><code><b>$ brew install step</b>
<b>$ brew install step</b>
# Test installation ... # Test installation ...
<b>$ step certificate inspect https://smallstep.com</b> <b>$ step certificate inspect https://smallstep.com</b>
@ -111,15 +110,15 @@ Certificate:
Serial Number: 326381749415081530968054238478851085504954 (0x3bf265673332db2d0c70e48a163fb7d11ba) Serial Number: 326381749415081530968054238478851085504954 (0x3bf265673332db2d0c70e48a163fb7d11ba)
Signature Algorithm: SHA256-RSA Signature Algorithm: SHA256-RSA
Issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3 Issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
... ...</code></pre>
</code></pre>
> Note: If you have installed `step` previously through the `smallstep/smallstep` > Note: If you have installed `step` previously through the `smallstep/smallstep`
> tap you will need to run the following commands before installing: > tap you will need to run the following commands before installing:
``` >
$ brew untap smallstep/smallstep > ```
$ brew uninstall step > $ brew untap smallstep/smallstep
``` > $ brew uninstall step
> ```
### Linux ### Linux
@ -180,15 +179,13 @@ helm install step-certificates
### Test ### Test
<pre><code> <pre><code><b>$ step version</b>
<b>$ step version</b>
Smallstep CLI/0.10.0 (darwin/amd64) Smallstep CLI/0.10.0 (darwin/amd64)
Release Date: 2019-04-30 19:01 UTC Release Date: 2019-04-30 19:01 UTC
<b>$ step-ca version</b> <b>$ step-ca version</b>
Smallstep CA/0.10.0 (darwin/amd64) Smallstep CA/0.10.0 (darwin/amd64)
Release Date: 2019-04-30 19:02 UTC Release Date: 2019-04-30 19:02 UTC</code></pre>
</code></pre>
## Quickstart ## Quickstart
@ -206,8 +203,7 @@ communication. Let's get started!
#### 1. Run `step ca init` to create your CA's keys & certificates and configure `step-ca`: #### 1. Run `step ca init` to create your CA's keys & certificates and configure `step-ca`:
<pre><code> <pre><code><b>$ step ca init</b>
<b>$ step ca init</b>
✔ What would you like to name your new PKI? (e.g. Smallstep): <b>Example Inc.</b> ✔ What would you like to name your new PKI? (e.g. Smallstep): <b>Example Inc.</b>
✔ What DNS names or IP addresses would you like to add to your new CA? (e.g. ca.smallstep.com[,1.1.1.1,etc.]): <b>localhost</b> ✔ What DNS names or IP addresses would you like to add to your new CA? (e.g. ca.smallstep.com[,1.1.1.1,etc.]): <b>localhost</b>
✔ What address will your new CA listen at? (e.g. :443): <b>127.0.0.1:8080</b> ✔ What address will your new CA listen at? (e.g. :443): <b>127.0.0.1:8080</b>
@ -228,8 +224,7 @@ all done!
✔ Default configuration: /Users/bob/src/github.com/smallstep/step/.step/config/defaults.json ✔ Default configuration: /Users/bob/src/github.com/smallstep/step/.step/config/defaults.json
✔ Certificate Authority configuration: /Users/bob/src/github.com/smallstep/step/.step/config/ca.json ✔ Certificate Authority configuration: /Users/bob/src/github.com/smallstep/step/.step/config/ca.json
Your PKI is ready to go. To generate certificates for individual services see 'step help ca'. Your PKI is ready to go. To generate certificates for individual services see 'step help ca'.</code></pre>
</code></pre>
This command will: This command will:
@ -243,11 +238,9 @@ You can find these artifacts in `$STEPPATH` (or `~/.step` by default).
You'll be prompted for your password from the previous step, to decrypt the CA's private signing key: You'll be prompted for your password from the previous step, to decrypt the CA's private signing key:
<pre><code> <pre><code><b>$ step-ca $(step path)/config/ca.json</b>
<b>$ step-ca $(step path)/config/ca.json</b>
Please enter the password to decrypt /Users/bob/src/github.com/smallstep/step/.step/secrets/intermediate_ca_key: <b>abc123</b> Please enter the password to decrypt /Users/bob/src/github.com/smallstep/step/.step/secrets/intermediate_ca_key: <b>abc123</b>
2019/02/18 13:28:58 Serving HTTPS on 127.0.0.1:8080 ... 2019/02/18 13:28:58 Serving HTTPS on 127.0.0.1:8080 ...</code></pre>
</code></pre>
#### 3. Copy our `hello world` golang server. #### 3. Copy our `hello world` golang server.
@ -277,8 +270,7 @@ EOF
#### 4. Get an identity for your server from the Step CA. #### 4. Get an identity for your server from the Step CA.
<pre><code> <pre><code><b>$ step ca certificate localhost srv.crt srv.key</b>
<b>$ step ca certificate localhost srv.crt srv.key</b>
✔ Key ID: rQxROEr7Kx9TNjSQBTETtsu3GKmuW9zm02dMXZ8GUEk (bob@example.com) ✔ Key ID: rQxROEr7Kx9TNjSQBTETtsu3GKmuW9zm02dMXZ8GUEk (bob@example.com)
✔ Please enter the password to decrypt the provisioner key: abc123 ✔ Please enter the password to decrypt the provisioner key: abc123
✔ CA: https://localhost:8080/1.0/sign ✔ CA: https://localhost:8080/1.0/sign
@ -307,32 +299,25 @@ Certificate:
Not Before: Feb 18 21:27:21 2019 UTC Not Before: Feb 18 21:27:21 2019 UTC
Not After : Feb 15 21:27:21 2029 UTC Not After : Feb 15 21:27:21 2029 UTC
Subject: CN=Example Inc. Intermediate CA Subject: CN=Example Inc. Intermediate CA
... ...</code></pre>
</code></pre>
Note that `step` and `step-ca` handle details like [certificate bundling](https://smallstep.com/blog/everything-pki.html#intermediates-chains-and-bundling) for you. Note that `step` and `step-ca` handle details like [certificate bundling](https://smallstep.com/blog/everything-pki.html#intermediates-chains-and-bundling) for you.
#### 5. Run the simple server. #### 5. Run the simple server.
<pre><code> <pre><code><b>$ go run srv.go &</b></code></pre>
<b>$ go run srv.go &</b>
</code></pre>
#### 6. Get the root certificate from the Step CA. #### 6. Get the root certificate from the Step CA.
In a new Terminal window: In a new Terminal window:
<pre><code> <pre><code><b>$ step ca root root.crt</b>
<b>$ step ca root root.crt</b> The root certificate has been saved in root.crt.</code></pre>
The root certificate has been saved in root.crt.
</code></pre>
#### 7. Make an authenticated, encrypted curl request to your server using HTTP over TLS. #### 7. Make an authenticated, encrypted curl request to your server using HTTP over TLS.
<pre><code> <pre><code><b>$ curl --cacert root.crt https://localhost:8443/hi</b>
<b>$ curl --cacert root.crt https://localhost:8443/hi</b> Hello, world!</code></pre>
Hello, world!
</code></pre>
*All Done!* *All Done!*