summary refs log tree commit diff
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2020-08-01 18:15:17 -0400
committerJune McEnroe <june@causal.agency>2020-08-01 18:15:17 -0400
commita432773c8a76e42f875adee19ebd6d401883184d (patch)
treeb5686adb03e5945334d2dcbb65373c84fc77ca35
parentFix signing certificates with -A and -g (diff)
downloadpounce-a432773c8a76e42f875adee19ebd6d401883184d.tar.gz
pounce-a432773c8a76e42f875adee19ebd6d401883184d.zip
Document concatenating client certificates for auth
This is actually the better approach since certificates can easily be
removed from the file.
-rw-r--r--pounce.133
1 files changed, 31 insertions, 2 deletions
diff --git a/pounce.1 b/pounce.1
index 6190d6d..59c8728 100644
--- a/pounce.1
+++ b/pounce.1
@@ -1,4 +1,4 @@
-.Dd July  6, 2020
+.Dd August  1, 2020
 .Dt POUNCE 1
 .Os
 .
@@ -427,7 +427,36 @@ not to the server.
 .Ss Generating Client Certificates
 .Bl -enum
 .It
-Generate a self-signed certificate authority (CA):
+Generate self-signed client certificates and private keys:
+.Bd -literal -offset indent
+pounce -g client1.pem
+pounce -g client2.pem
+.Ed
+.It
+Concatenate the certificate public keys into a CA file:
+.Bd -literal -offset indent
+openssl x509 -subject -in client1.pem >> auth.pem
+openssl x509 -subject -in client2.pem >> auth.pem
+.Ed
+.It
+Configure
+.Nm
+to verify client certificates
+against the CA file:
+.Bd -literal -offset indent
+local-ca = auth.pem
+# or: pounce -A auth.pem
+.Ed
+.El
+.
+.Pp
+Alternatively,
+client certificates can be signed
+by a generated certificate authority:
+.
+.Bl -enum
+.It
+Generate a self-signed certificate authority:
 .Bd -literal -offset indent
 pounce -g auth.pem
 .Ed
roe 2018-09-24Add psfed, a PSF2 font editorJune McEnroe 2018-09-21Add scheme -i to swap white and blackJune McEnroe 2018-09-21Map caps lock to escape on Linux consoleJune McEnroe 2018-09-19Fix README mandoc lintsJune McEnroe 2018-09-19Un-NOT trans.alpha values in pngoJune McEnroe 2018-09-18Refactor reads in pngo and clear palette between filesJune McEnroe 2018-09-17Add tRNS support to pngoJune McEnroe 2018-09-11Move gfx man pages to gfx/manJune McEnroe 2018-09-11Move bin man pages to bin/manJune McEnroe 2018-09-11Rewrite gfx.7 and render plaintext READMEJune McEnroe 2018-09-11Remove GAMES from BINSJune McEnroe 2018-09-11Rewrite bin.7 and render to plaintext READMEJune McEnroe 2018-09-11Add "blank" lines to man pagesJune McEnroe 2018-09-10Add mdoc syntax fileJune McEnroe 2018-09-08Fix Nm usage in multi-name man pagesJune McEnroe 2018-09-08Put real dates on man pagesJune McEnroe 2018-09-08Replace gfx README with REAMDE.7June McEnroe 2018-09-08Link gfx man pages in ~/.localJune McEnroe