[ssl_mgmt] Typos & comments' translation

This commit is contained in:
Matteo Cypriani 2012-02-20 17:40:09 +01:00
parent 2b6d07e80b
commit 236e5afe48
2 changed files with 16 additions and 12 deletions

View File

@ -1,22 +1,22 @@
ssl_mgmt is a helper to manage ssl certificate: creation, renewal and removal.
ssl_mgmt is a helper to manage SSL certificates: creation, renewal and removal.
So far, only renewal is supported.
ssl_mgmt refers to certificates through the service they are associated with.
*** EXAMPLES ***
To renew the certificate associated to https, the command line is:
ssl_mgmt renew https
To renew the certificate associated to HTTPS, the command line is:
ssl_mgmt renew https
If you want to renew certificates of all services, you should do:
ssl_mgmt renew all
ssl_mgmt renew all
Note: This suppose that
* all services are listed in /root/homemade_certs;
* directories have special rights so that newly created certificates
automatically get proper rights;
* Root CA is already created
* openssl.cnf.in is copied at the root of the CA hierarchy
* the root CA is already created;
* openssl.cnf.in is copied in the CA hierarchy's root.
The file system hierarchy assumed is:
lrwxrwxrwx 1 root root 14 6 janv. 2010 certs -> /etc/ssl/certs

View File

@ -32,15 +32,19 @@ commonName = supplied
emailAddress = optional
[ req ]
default_bits = 2048 # Taille des clés
default_keyfile = newkeys/key.pem # Nom de la clé généré (à spécifier en ligne de commande si différent)
default_md = md5 # Algorithme de résumé (hash)
string_mask = nombstr # Caractères authorisés
# Keys' size:
default_bits = 2048
# Name of the generated key (specify it as a CLI argument if different):
default_keyfile = newkeys/key.pem
# Hash algorithm:
default_md = md5
# Authorised characters:
string_mask = nombstr
prompt = no
distinguished_name = req_distinguished_name
req_extensions = v3_req
# On ne veut ces extensions que pour générer les certificats racines
# donc on le spécifie sur la ligne de commande
# We want those extensions only to generate the root certificates, so
# we specify it on the command line:
x509_extensions = v3_ca
[ req_distinguished_name ]