Merge branch 'master' of https://github.com/l0010o0001l/easy-rsa into l0010o0001l-master

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
This commit is contained in:
Eric F Crist 2018-01-25 08:09:26 -06:00
commit 26f8622049


@ -2,17 +2,17 @@ Easy-RSA 3 Quickstart README
============================ ============================
This is a quickstart guide to using Easy-RSA version 3. Detailed help on usage This is a quickstart guide to using Easy-RSA version 3. Detailed help on usage
and specific commands by running easyrsa with the 'help' command. Additional and specific commands can be found by running ./easyrsa -h. Additional
documentation can be found in the doc/ directory. documentation can be found in the doc/ directory.
If you're upgrading from the Easy-RSA 2.x series there are Upgrade-Notes If you're upgrading from the Easy-RSA 2.x series, there are Upgrade-Notes
available, also under the doc/ path. available, also under the doc/ path.
Setup and signing the first request Setup and signing the first request
----------------------------------- -----------------------------------
A quick run-though of what needs to happen to start a new PKI and sign your Here is a quick run-though of what needs to happen to start a new PKI and sign
first entity certificate. your first entity certificate:
1. Choose a system to act as your CA and create a new PKI and CA: 1. Choose a system to act as your CA and create a new PKI and CA:
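Review bot: "run-though" in the rewritten sentence under "Setup and signing the first request" is still a typo for "run-through"; the line is being rewritten anyway, so fix it in this change. In the intro paragraph the pointer to help moves from the 'help' command to ./easyrsa -h. Confirm that the -h form is the one the script documents, or name both so readers of older text are not left guessing.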
@ -20,10 +20,10 @@ first entity certificate.
./easyrsa build-ca ./easyrsa build-ca
2. On the system that is requesting a certificate, init its own PKI and generate 2. On the system that is requesting a certificate, init its own PKI and generate
a keypair/request. Note that the init-pki is used _only_ when this is done on a keypair/request. Note that init-pki is used _only_ when this is done on a
a separate system (or at least a separate PKI dir.) This is the recommended separate system (or at least a separate PKI dir.) This is the recommended
procedure. If you are not using this recommended procedure, skip the next procedure. If you are not using this recommended procedure, skip the next
import-req step as well. import-req step.
./easyrsa init-pki ./easyrsa init-pki
./easyrsa gen-req EntityName ./easyrsa gen-req EntityName
@ -40,12 +40,12 @@ first entity certificate.
5. Transport the newly signed certificate to the requesting entity. This entity 5. Transport the newly signed certificate to the requesting entity. This entity
may also need the CA cert (ca.crt) unless it had a prior copy. may also need the CA cert (ca.crt) unless it had a prior copy.
6. The entity now has its own keypair, and signed cert, and the CA. 6. The entity now has its own keypair, signed cert, and the CA.
Signing subsequent requests Signing subsequent requests
--------------------------- ---------------------------
Follow steps 2-6 above to generate subsequent keypairs and have the CA returned Follow steps 2-6 above to generate subsequent keypairs and have the CA return
signed certificates. signed certificates.
Revoking certs and creating CRLs Revoking certs and creating CRLs
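Review bot: In step 6, "signed cert, and the CA" still reads as if the entity ends up holding the CA itself. Step 5 is precise about this ("the CA cert (ca.crt)"), so step 6 should match, for example "its own keypair, signed cert, and the CA cert". For a PKI quickstart the distinction matters, since only the CA certificate is meant to leave the CA system.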
@ -93,7 +93,6 @@ RSA and EC private keys can be re-encrypted so a new passphrase can be supplied
with one of the following commands depending on the key type: with one of the following commands depending on the key type:
./easyrsa set-rsa-pass EntityName ./easyrsa set-rsa-pass EntityName
./easyrsa set-ec-pass EntityName ./easyrsa set-ec-pass EntityName
Optionally, the passphrase can be removed completely with the 'nopass' flag. Optionally, the passphrase can be removed completely with the 'nopass' flag.
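Review bot: The sentence about the 'nopass' flag at the end of this hunk gives no example of where the flag goes, and the two commands above it are shown without it. Suggest adding a command line that shows nopass in position, plus a short remark that the private key is then stored without passphrase protection. The hunk also drops one line (7 lines down to 6) that is not identifiable in this view; if it was the blank line separating the commands from the following paragraph, check that the README still renders the commands as their own block.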