diff --git a/README.quickstart.md b/README.quickstart.md index 8fb0a2e..15c8182 100644 --- a/README.quickstart.md +++ b/README.quickstart.md @@ -2,17 +2,17 @@ Easy-RSA 3 Quickstart README ============================ This is a quickstart guide to using Easy-RSA version 3. Detailed help on usage -and specific commands by running easyrsa with the 'help' command. Additional +and specific commands can be found by running ./easyrsa -h. Additional documentation can be found in the doc/ directory. -If you're upgrading from the Easy-RSA 2.x series there are Upgrade-Notes +If you're upgrading from the Easy-RSA 2.x series, there are Upgrade-Notes available, also under the doc/ path. Setup and signing the first request ----------------------------------- -A quick run-though of what needs to happen to start a new PKI and sign your -first entity certificate. +Here is a quick run-though of what needs to happen to start a new PKI and sign +your first entity certificate: 1. Choose a system to act as your CA and create a new PKI and CA: @@ -20,10 +20,10 @@ first entity certificate. ./easyrsa build-ca 2. On the system that is requesting a certificate, init its own PKI and generate - a keypair/request. Note that the init-pki is used _only_ when this is done on - a separate system (or at least a separate PKI dir.) This is the recommended + a keypair/request. Note that init-pki is used _only_ when this is done on a + separate system (or at least a separate PKI dir.) This is the recommended procedure. If you are not using this recommended procedure, skip the next - import-req step as well. + import-req step. ./easyrsa init-pki ./easyrsa gen-req EntityName @@ -40,12 +40,12 @@ first entity certificate. 5. Transport the newly signed certificate to the requesting entity. This entity may also need the CA cert (ca.crt) unless it had a prior copy. -6. The entity now has its own keypair, and signed cert, and the CA. +6. The entity now has its own keypair, signed cert, and the CA. Signing subsequent requests --------------------------- -Follow steps 2-6 above to generate subsequent keypairs and have the CA returned +Follow steps 2-6 above to generate subsequent keypairs and have the CA return signed certificates. Revoking certs and creating CRLs @@ -93,7 +93,6 @@ RSA and EC private keys can be re-encrypted so a new passphrase can be supplied with one of the following commands depending on the key type: ./easyrsa set-rsa-pass EntityName - ./easyrsa set-ec-pass EntityName Optionally, the passphrase can be removed completely with the 'nopass' flag.