[ssl_mgmt] Typos & comments' translation
This commit is contained in:
parent
2b6d07e80b
commit
236e5afe48
|
@ -1,22 +1,22 @@
|
||||||
ssl_mgmt is a helper to manage ssl certificate: creation, renewal and removal.
|
ssl_mgmt is a helper to manage SSL certificates: creation, renewal and removal.
|
||||||
So far, only renewal is supported.
|
So far, only renewal is supported.
|
||||||
|
|
||||||
ssl_mgmt refers to certificates through the service they are associated with.
|
ssl_mgmt refers to certificates through the service they are associated with.
|
||||||
|
|
||||||
*** EXAMPLES ***
|
*** EXAMPLES ***
|
||||||
|
|
||||||
To renew the certificate associated to https, the command line is:
|
To renew the certificate associated to HTTPS, the command line is:
|
||||||
ssl_mgmt renew https
|
ssl_mgmt renew https
|
||||||
|
|
||||||
If you want to renew certificates of all services, you should do:
|
If you want to renew certificates of all services, you should do:
|
||||||
ssl_mgmt renew all
|
ssl_mgmt renew all
|
||||||
|
|
||||||
Note: This suppose that
|
Note: This suppose that
|
||||||
* all services are listed in /root/homemade_certs;
|
* all services are listed in /root/homemade_certs;
|
||||||
* directories have special rights so that newly created certificates
|
* directories have special rights so that newly created certificates
|
||||||
automatically get proper rights;
|
automatically get proper rights;
|
||||||
* Root CA is already created
|
* the root CA is already created;
|
||||||
* openssl.cnf.in is copied at the root of the CA hierarchy
|
* openssl.cnf.in is copied in the CA hierarchy's root.
|
||||||
|
|
||||||
The file system hierarchy assumed is:
|
The file system hierarchy assumed is:
|
||||||
lrwxrwxrwx 1 root root 14 6 janv. 2010 certs -> /etc/ssl/certs
|
lrwxrwxrwx 1 root root 14 6 janv. 2010 certs -> /etc/ssl/certs
|
||||||
|
|
|
@ -32,15 +32,19 @@ commonName = supplied
|
||||||
emailAddress = optional
|
emailAddress = optional
|
||||||
|
|
||||||
[ req ]
|
[ req ]
|
||||||
default_bits = 2048 # Taille des clés
|
# Keys' size:
|
||||||
default_keyfile = newkeys/key.pem # Nom de la clé généré (à spécifier en ligne de commande si différent)
|
default_bits = 2048
|
||||||
default_md = md5 # Algorithme de résumé (hash)
|
# Name of the generated key (specify it as a CLI argument if different):
|
||||||
string_mask = nombstr # Caractères authorisés
|
default_keyfile = newkeys/key.pem
|
||||||
|
# Hash algorithm:
|
||||||
|
default_md = md5
|
||||||
|
# Authorised characters:
|
||||||
|
string_mask = nombstr
|
||||||
prompt = no
|
prompt = no
|
||||||
distinguished_name = req_distinguished_name
|
distinguished_name = req_distinguished_name
|
||||||
req_extensions = v3_req
|
req_extensions = v3_req
|
||||||
# On ne veut ces extensions que pour générer les certificats racines
|
# We want those extensions only to generate the root certificates, so
|
||||||
# donc on le spécifie sur la ligne de commande
|
# we specify it on the command line:
|
||||||
x509_extensions = v3_ca
|
x509_extensions = v3_ca
|
||||||
|
|
||||||
[ req_distinguished_name ]
|
[ req_distinguished_name ]
|
||||||
|
|
Loading…
Reference in New Issue