X-Git-Url: https://pwan.org/git/?p=certmaster.git;a=blobdiff_plain;f=README.md;h=ab98eb1f95ea9a499fa7be2d9b4245b684f10962;hp=2bd00ca66dd0a7aed6b97175488790d6c367d315;hb=0c21a17fd5da6021a233839bf7df84a44c3875df;hpb=0a2875e85053c5706feea3e6f95637de7629dd1e diff --git a/README.md b/README.md index 2bd00ca..ab98eb1 100644 --- a/README.md +++ b/README.md 
@@ -1,52 +1,60 @@ _certmaster -- it hands out SSL certs!_ - + read more at: -[Fedora Project Page](https://fedorahosted.org/certmaster/) +[Original Fedora Project Page](https://fedorahosted.org/certmaster/) -[Fedora Repo] (http://git.fedorahosted.org/git/?p=certmaster.git;a=summary) +[Original Fedora Repo](http://git.fedorahosted.org/git/?p=certmaster.git;a=summary) --- -** About this fork +## About this fork + +_certmaster -- it hands out SSL certs from multiple CAs !!!_ -*** Multiple CA support +### Multiple CA support This certmaster fork introduces a new '--ca' argument for specifying an alternative certificate authority. -This allows one certmaste instance to supply certs from multiple authorities instead of having to have a -separate certmaster instance for each certificate authority might be using. +This allows one certmaster instance to supply certs from multiple authorities instead of having a separate certmaster +instance for each certificate authority you are using. -If you don't want to use multiple CA's, this fork should act just like the parent certmaster project - you -should be able to upgrade your existing certmaster to this version, and it will continue to server your existing certs +If you don't want to use multiple CA's, this fork should act just like the parent certmaster project from Fedora - you +should be able to upgrade your existing certmaster to this version, and it will continue to server your existing certs. -If you want to add an additional certificate authorities, add a section to your certmaster.conf file as per below +If you want to add additional certificate authorities, include a section to your certmaster.conf file as per below for each CA, using a different name and set of directories for each CA. 
-``` -[ca:name] -autosign = yes_or_no -cadir = /path/to/cadir -cert_dir = /path/to/cert_dir -certroot = /path/to/certroot -csrroot = /path/to/csrroot -``` + [ca:name] + autosign = yes_or_no + cadir = /path/to/cadir + cert_dir = /path/to/cert_dir + certroot = /path/to/certroot + csrroot = /path/to/csrroot Then to use the new CA, include the argument '--ca=name' in your list of certmaster-ca arguments to use the 'name' CA. Likewise, when requesting certs from the new CA, include a section of the following form in your minion.conf file: -``` -[ca:name] -cert_dir = /path/to/cert_dir -``` + + [ca:name] + cert_dir = /path/to/cert_dir Then include the argument '--ca=name' in your certmaster-request commands to request a cert from the 'name' CA. -If the '--ca' argument is not given in the certmaster-ca or certmaster-request commands, then the original -autosign, cadir, cert_dir, certroot, and csrroot options from the main section of certmaster.conf / minion.conf are used instead. +If the '--ca' argument is not given, then the default CA, as defined by the autosign, cadir, cert_dir, certroot, +and csrroot options from the main section of certmaster.conf or minion.conf is used. + +### Functional Tests + +This fork introduces some functional tests using the [shUnit2 framework](https://code.google.com/p/shunit2/wiki/ProjectInfo). + +**NOTE THESE TESTS ARE DESTRUCTIVE SO DON'T RUN THEM ON YOUR LIVE CERTMASTER HOST** -*** Misc Changes +The tests overwrite the /etc/certmaster/certmaster.conf and /etc/certmaster/minion.conf files, and delete the cert data directories, +so only run these tests on a test server / VM / docker image, not on your live production certmaster instance. -+ 'certmaster-ca --version' reads /etc/certmaste/version instead of func's version file +### Misc Changes ++ 'certmaster-ca --version' reads /etc/certmaster/version instead of func's version file + certmaster-sync doesn't error out if func if not present ++ switched README to README.md
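Review bot: The new "Functional Tests" section warns that the tests overwrite /etc/certmaster/certmaster.conf and /etc/certmaster/minion.conf and delete the cert data directories, but it names neither those directories nor the command that runs the tests, so a reader cannot tell before starting them what will be lost, or whether cadir is among the deleted paths. List the exact paths that get removed and the invocation, and say whether the tests can be pointed at a scratch configuration instead of the live /etc/certmaster files. Two wording slips also survive this edit: "it will continue to server your existing certs." should read "serve", and the unchanged line "certmaster-sync doesn't error out if func if not present" should read "if func is not present".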