improve README

2024-09-25 12:01:21 +01:00 · 2024-09-25 12:01:21 +01:00 · ed53c967d7
commit ed53c967d7
parent 8a7287d552
2 changed files with 31 additions and 5 deletions
--- a/17
+++ b/17
@ -7,16 +7,23 @@ but without the rest of Puppet
 [ This README is speculative ]


---
+## Try it out

-DOMAIN="/C=GB/ST=London/L=London/O=Telent"
+```
+# create CA key and cert
+openssl genrsa -out ca.key 4096  
+CN=CA openssl req -config openssl.cnf -x509 -new -nodes -key ca.key -sha256 -days 3650  -out ca.crt

-openssl genrsa -out ca.key 4096
-openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -subj "${DOMAIN}/CN=CA" -out ca.crt
+# create client CSR
+CN=rotuer openssl req -config openssl.cnf -newkey rsa:2048 -nodes -keyout client.key -out client.csr 

-openssl req -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr -subj "${DOMAIN}/OU=devices/CN=rotuer"
+# start the server
+bin/certifix

+# send it

+curl -v -H 'content-type: application/x-pem-file' --data-binary @client.csr  http://localhost:8201/sign
+```


 https://www.puppet.com/docs/puppet/7/ssl_attributes_extensions#csr_custom_attributes-recommended-oids-custom-attributes
--- a/openssl.cnf
+++ b/openssl.cnf
@ -0,0 +1,19 @@
+[ req ]
+default_bits           = 2048
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+prompt = no
+
+dirstring_type = nobmp
+
+[ req_distinguished_name ]
+countryName            = GB
+stateOrProvinceName    = London
+localityName           = London
+organizationName       = Telent
+commonName             = $ENV::CN
+
+[ req_attributes ]
+challengePassword              = loves labours lost
+
+