nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/l0010o0001l/easy-rsa into l0010o0001l-master

Browse Source 
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
This commit is contained in:
Eric F Crist 2018-01-25 08:09:26 -06:00
commit 26f8622049
1 changed files with 9 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
README.quickstart.md
View File

@ -2,17 +2,17 @@ Easy-RSA 3 Quickstart README
============================
This is a quickstart guide to using Easy-RSA version 3. Detailed help on usage
and specific commands by running easyrsa with the 'help' command. Additional
and specific commands can be found by running ./easyrsa -h. Additional
documentation can be found in the doc/ directory.
If you're upgrading from the Easy-RSA 2.x series there are Upgrade-Notes
If you're upgrading from the Easy-RSA 2.x series, there are Upgrade-Notes
available, also under the doc/ path.
Setup and signing the first request
-----------------------------------
A quick run-though of what needs to happen to start a new PKI and sign your
first entity certificate.
Here is a quick run-though of what needs to happen to start a new PKI and sign
your first entity certificate:
1. Choose a system to act as your CA and create a new PKI and CA:
@ -20,10 +20,10 @@ first entity certificate.
./easyrsa build-ca
2. On the system that is requesting a certificate, init its own PKI and generate
a keypair/request. Note that the init-pki is used _only_ when this is done on
a separate system (or at least a separate PKI dir.) This is the recommended
a keypair/request. Note that init-pki is used _only_ when this is done on a
separate system (or at least a separate PKI dir.) This is the recommended
procedure. If you are not using this recommended procedure, skip the next
import-req step as well.
import-req step.
./easyrsa init-pki
./easyrsa gen-req EntityName
@ -40,12 +40,12 @@ first entity certificate.
5. Transport the newly signed certificate to the requesting entity. This entity
may also need the CA cert (ca.crt) unless it had a prior copy.
6. The entity now has its own keypair, and signed cert, and the CA.
6. The entity now has its own keypair, signed cert, and the CA.
Signing subsequent requests
---------------------------
Follow steps 2-6 above to generate subsequent keypairs and have the CA returned
Follow steps 2-6 above to generate subsequent keypairs and have the CA return
signed certificates.
Revoking certs and creating CRLs
@ -93,7 +93,6 @@ RSA and EC private keys can be re-encrypted so a new passphrase can be supplied
with one of the following commands depending on the key type:
./easyrsa set-rsa-pass EntityName
./easyrsa set-ec-pass EntityName
Optionally, the passphrase can be removed completely with the 'nopass' flag.