author | June McEnroe <june@causal.agency> | 2020-08-01 18:15:17 -0400 |
---|---|---|
committer | June McEnroe <june@causal.agency> | 2020-08-01 18:15:17 -0400 |
commit | a432773c8a76e42f875adee19ebd6d401883184d (patch) | |
tree | b5686adb03e5945334d2dcbb65373c84fc77ca35 | |
parent | Fix signing certificates with -A and -g (diff) | |
Document concatenating client certificates for auth
This is actually the better approach since certificates can easily be removed from the file.
-rw-r--r-- | pounce.1 | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/pounce.1 b/pounce.1 index 6190d6d..59c8728 100644 --- a/pounce.1 +++ b/pounce.1 @@ -1,4 +1,4 @@ -.Dd July 6, 2020 +.Dd August 1, 2020 .Dt POUNCE 1 .Os . @@ -427,7 +427,36 @@ not to the server. .Ss Generating Client Certificates .Bl -enum .It -Generate a self-signed certificate authority (CA): +Generate self-signed client certificates and private keys: +.Bd -literal -offset indent +pounce -g client1.pem +pounce -g client2.pem +.Ed +.It +Concatenate the certificate public keys into a CA file: +.Bd -literal -offset indent +openssl x509 -subject -in client1.pem >> auth.pem +openssl x509 -subject -in client2.pem >> auth.pem +.Ed +.It +Configure +.Nm +to verify client certificates +against the CA file: +.Bd -literal -offset indent +local-ca = auth.pem +# or: pounce -A auth.pem +.Ed +.El +. +.Pp +Alternatively, +client certificates can be signed +by a generated certificate authority: +. +.Bl -enum +.It +Generate a self-signed certificate authority: .Bd -literal -offset indent pounce -g auth.pem .Ed |
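Review bot: In the second hunk, the step "Concatenate the certificate public keys into a CA file" is imprecise about the one thing a reader must not get wrong. The first step says `pounce -g client1.pem` writes a certificate and a private key, and the `openssl x509 -subject -in client1.pem >> auth.pem` line copies only the certificate (plus a subject line) into auth.pem. Suggest wording it as "Concatenate the certificates, without their private keys, into a CA file" and noting that plain concatenation of the .pem files would put the client keys on the server. The commit message gives easy removal as the reason for preferring this approach, but the added text never says so: a sentence explaining that access is revoked by deleting that client's block from auth.pem, and that the `-subject` line is there to identify the block, would carry that into the manual. Two smaller points: `>>` appends, so re-running a line leaves a duplicate entry, and the alternative procedure that follows also starts with `pounce -g auth.pem`, so the same file name now means a list of client certificates in one procedure and a CA certificate in the other; a different name in one of them would avoid mixing the two.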