gimmecert Changeset - eac14a7c48ad

Changeset - eac14a7c48ad

Parent rev.

Child rev.

[Not reviewed]

0 2 0

Branko Majic (branko) - 6 years ago 2018-03-18 11:40:39
branko@majic.rs

GC-16: Added user documentation for the client command:

- Updated the features entry in README file, adding some missing
information about other features implemented as well.
- Added quick usage instruction for issuing a client certificate.
- Added the client certificate artifacts directory to listing of
directories used.
- Added expanded usage instructions for the client command.
- Fixed some invalid invocation example for the server command.

2 files changed with 59 insertions and 2 deletions:

README.rst

docs/usage.rst

0 comments (0 inline, 0 general)

README.rst

➞

Show inline comments

@@ @@ -51,6 +51,21 @@ away. @@
 Features
 --------
 Gimmecert provides the following features:
 - It is very easy to use. Commands are intuitive, and require minimal
   input from the user.
 - Initialisation of CA hierarchy for issuing certificates. CA
   hierarchy depth can be specified, letting you easily simulate your
   production environment.
 - Issuance of TLS server certificates, with any number of DNS subject
   alternative names.
 - Issuance of TLS client certificates.
 - All generated artifacts stored within a single sub-directory
   (``.gimmecert``), relative to directory where command is
   invoked. This allows you to easily issue per-project testing
   certificates.
 Support
 -------

docs/usage.rst

➞

Show inline comments

 Issue a server certificate::
   gimmecert myserver1
+  gimmecert server myserver1
 This will create the following artifacts for the server:
@@ @@ -69,10 +69,19 @@ This will create the following artifacts for the server: @@
 Resulting certificate will include its own name as one of the DNS
 subject alternative names.
 Issue a client certificate::
   gimmecert client myclient1
 This will create the following artifacts for the client:
 - ``.gimmecert/client/myclient1.key.pem`` (private key)
 - ``.gimmecert/client/myclient1.cert.pem`` (certificate)
 Issue a server certificate with additional DNS subject alternative
 names::
   gimmecert myserver2 myserver2.local service.example.com
+  gimmecert server myserver2 myserver2.local service.example.com
 This will create the following artifacts for the server:
@@ @@ -113,6 +122,8 @@ process: @@
   certificates.
 - ``.gimmecert/server/``, used for storing server private keys and
   certificates.
 - ``.gimmecert/client/``, used for storing client private keys and
   certificates.
 Both CA private keys and certificates are stored as OpenSSL-style PEM
 files. The naming convention for keys is ``levelN.key.pem``, while for
@@ @@ -185,3 +196,34 @@ be passed-in as well. For example:: @@
 Key usage and extended key usage in certificate are set typical TLS
 server use (e.g. *digital signature* + *key encipherment* for KU, and
 *TLS WWW server authentication* for EKU).
 Issuing client certificates
 ---------------------------
 Client certificates can be issued once the initialisation is
 complete. Command accepts a single positional argument::
   gimmecert client NAME
 The command will:
 - Generate a 2048-bit RSA private key.
 - Issue a certificate associated with the generated private key using
   the leaf CA (the one deepest in hierachy).
 Rerunning the command will overwrite existing private key and
 certificate without warning.
 Resulting private keys and certificates are stored within directory
 ``.gimmecert/client/``. Private key naming convention is
 ``NAME.key.pem``, while certificates are stored as
 ``NAME.cert.pem``. In both cases the OpenSSL-style PEM format is used
 for storage.
 Subject DN naming convention for client certificates is ``CN=NAME``,
 where ``NAME`` is passed-in via positional argument.
 Key usage and extended key usage in certificate are set typical TLS
 client use (e.g. *digital signature* + *key encipherment* for KU, and
 *TLS WWW client authentication* for EKU).

0 comments (0 inline, 0 general)