diff --git a/docs/testsite.rst b/docs/testsite.rst index 224ea34a52ed14e0202ad70f51d5c5f2b638e76f..0f3d142119cd033b81f1b4e2e12167925c2846aa 100644 --- a/docs/testsite.rst +++ b/docs/testsite.rst @@ -68,6 +68,8 @@ The playbooks and configurations for test site make a couple of assumptions: ``admin``. The SSH key stored in it will be read from location ``~/.ssh/id_rsa`` (i.e. from home directory of user running the Ansible commands). +* The TLS truststore can be found in location ``certs/example_ca_chain.crt`` + relative to the ``testsite`` sub-directory. Additionally, some manual steps may be required to have a fully functioning system: @@ -84,19 +86,14 @@ system: ``/etc/ssl/private/xmpp.example.com.pem`` (*root:prosody, 640*). * Create TLS certificate for XMPP in location ``/etc/ssl/certs/xmpp.example.com.pem`` (*root:root, 644*). - * Install a truststore that contains the CA certifciate which has issued the - LDAP certificate in location ``/etc/ssl/certs/truststore.pem`` (*root:root, - 644*). * After all files are in place, re-run the ``site.yml`` playbook in order to restart necessary services etc. * On ``mail.example.com``, you should manually install the TLS private key and certificate in locations ``/etc/ssl/private/mail.example.com.pem`` (*root:ldap, 640*) and ``/etc/ssl/certs/mail.example.com.pem`` (*root:root, - 644*), respectively. You should also install a truststore that contains the CA - certifciate which has issued the LDAP certificate in location - ``/etc/ssl/certs/truststore.pem`` (*root:root, 644*). After that, restart the - servics ``dovecot`` and ``postfix``. + 644*), respectively. After that, restart the servics ``dovecot`` and + ``postfix``. * On ``mail.example.com``: @@ -108,9 +105,6 @@ system: ``/etc/ssl/private/mail.example.com_imap.pem`` (*root:openldap, 640*). * Create TLS certificate for IMAP in location ``/etc/ssl/certs/mail.example.com_imap.pem`` (*root:root, 644*). - * Install a truststore that contains the CA certifciate which has issued the - LDAP certificate in location ``/etc/ssl/certs/truststore.pem`` (*root:root, - 644*). * After all files are in place, re-run the ``site.yml`` playbook in order to restart necessary services etc.