diff --git a/README.quickstart.md b/README.quickstart.md index 0f7b151..15c8182 100644 --- a/README.quickstart.md +++ b/README.quickstart.md @@ -1,8 +1,9 @@ Easy-RSA 3 Quickstart README ============================ -This is a quickstart guide to using Easy-RSA version 3. Detailed help on usage and specific commands can be found by running `./easyrsa -h`. -Additional documentation can be found in the doc/ directory. +This is a quickstart guide to using Easy-RSA version 3. Detailed help on usage +and specific commands can be found by running ./easyrsa -h. Additional +documentation can be found in the doc/ directory. If you're upgrading from the Easy-RSA 2.x series, there are Upgrade-Notes available, also under the doc/ path. @@ -10,7 +11,8 @@ available, also under the doc/ path. Setup and signing the first request ----------------------------------- -Here is a quick run-though of what needs to happen to start a new PKI and sign your first entity certificate: +Here is a quick run-though of what needs to happen to start a new PKI and sign +your first entity certificate: 1. Choose a system to act as your CA and create a new PKI and CA: @@ -18,8 +20,8 @@ Here is a quick run-though of what needs to happen to start a new PKI and sign y ./easyrsa build-ca 2. On the system that is requesting a certificate, init its own PKI and generate - a keypair/request. Note that `init-pki` is used _only_ when this is done on - a separate system (or at least a separate PKI dir.) This is the recommended + a keypair/request. Note that init-pki is used _only_ when this is done on a + separate system (or at least a separate PKI dir.) This is the recommended procedure. If you are not using this recommended procedure, skip the next import-req step. @@ -43,7 +45,8 @@ Here is a quick run-though of what needs to happen to start a new PKI and sign y Signing subsequent requests --------------------------- -Follow steps 2-6 above to generate subsequent keypairs and have the CA return signed certificates. +Follow steps 2-6 above to generate subsequent keypairs and have the CA return +signed certificates. Revoking certs and creating CRLs -------------------------------- @@ -90,7 +93,6 @@ RSA and EC private keys can be re-encrypted so a new passphrase can be supplied with one of the following commands depending on the key type: ./easyrsa set-rsa-pass EntityName - ./easyrsa set-ec-pass EntityName Optionally, the passphrase can be removed completely with the 'nopass' flag.