[ssl_mgmt] Typos & comments' translation
This commit is contained in:
parent
2b6d07e80b
commit
236e5afe48
|
@ -1,22 +1,22 @@
|
|||
ssl_mgmt is a helper to manage ssl certificate: creation, renewal and removal.
|
||||
ssl_mgmt is a helper to manage SSL certificates: creation, renewal and removal.
|
||||
So far, only renewal is supported.
|
||||
|
||||
ssl_mgmt refers to certificates through the service they are associated with.
|
||||
|
||||
*** EXAMPLES ***
|
||||
|
||||
To renew the certificate associated to https, the command line is:
|
||||
ssl_mgmt renew https
|
||||
To renew the certificate associated to HTTPS, the command line is:
|
||||
ssl_mgmt renew https
|
||||
|
||||
If you want to renew certificates of all services, you should do:
|
||||
ssl_mgmt renew all
|
||||
ssl_mgmt renew all
|
||||
|
||||
Note: This suppose that
|
||||
* all services are listed in /root/homemade_certs;
|
||||
* directories have special rights so that newly created certificates
|
||||
automatically get proper rights;
|
||||
* Root CA is already created
|
||||
* openssl.cnf.in is copied at the root of the CA hierarchy
|
||||
* the root CA is already created;
|
||||
* openssl.cnf.in is copied in the CA hierarchy's root.
|
||||
|
||||
The file system hierarchy assumed is:
|
||||
lrwxrwxrwx 1 root root 14 6 janv. 2010 certs -> /etc/ssl/certs
|
||||
|
|
|
@ -32,15 +32,19 @@ commonName = supplied
|
|||
emailAddress = optional
|
||||
|
||||
[ req ]
|
||||
default_bits = 2048 # Taille des clés
|
||||
default_keyfile = newkeys/key.pem # Nom de la clé généré (à spécifier en ligne de commande si différent)
|
||||
default_md = md5 # Algorithme de résumé (hash)
|
||||
string_mask = nombstr # Caractères authorisés
|
||||
# Keys' size:
|
||||
default_bits = 2048
|
||||
# Name of the generated key (specify it as a CLI argument if different):
|
||||
default_keyfile = newkeys/key.pem
|
||||
# Hash algorithm:
|
||||
default_md = md5
|
||||
# Authorised characters:
|
||||
string_mask = nombstr
|
||||
prompt = no
|
||||
distinguished_name = req_distinguished_name
|
||||
req_extensions = v3_req
|
||||
# On ne veut ces extensions que pour générer les certificats racines
|
||||
# donc on le spécifie sur la ligne de commande
|
||||
# We want those extensions only to generate the root certificates, so
|
||||
# we specify it on the command line:
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[ req_distinguished_name ]
|
||||
|
|
Loading…
Reference in New Issue