author: June McEnroe <june@causal.agency> 2020-08-01 18:15:17 -0400
committer: June McEnroe <june@causal.agency> 2020-08-01 18:15:17 -0400
commit: a432773c8a76e42f875adee19ebd6d401883184d
tree: b5686adb03e5945334d2dcbb65373c84fc77ca35
parent: Fix signing certificates with -A and -g
Document concatenating client certificates for auth
This is actually the better approach since certificates can easily be
removed from the file.
-rw-r--r-- pounce.1 33
1 files changed, 31 insertions, 2 deletions
diff --git a/pounce.1 b/pounce.1
index 6190d6d..59c8728 100644
--- a/pounce.1
+++ b/pounce.1
@@ -1,4 +1,4 @@
-.Dd July  6, 2020
+.Dd August  1, 2020
 .Dt POUNCE 1
 .Os
 .
@@ -427,7 +427,36 @@ not to the server.
 .Ss Generating Client Certificates
 .Bl -enum
 .It
-Generate a self-signed certificate authority (CA):
+Generate self-signed client certificates and private keys:
+.Bd -literal -offset indent
+pounce -g client1.pem
+pounce -g client2.pem
+.Ed
+.It
+Concatenate the certificate public keys into a CA file:
+.Bd -literal -offset indent
+openssl x509 -subject -in client1.pem >> auth.pem
+openssl x509 -subject -in client2.pem >> auth.pem
+.Ed
+.It
+Configure
+.Nm
+to verify client certificates
+against the CA file:
+.Bd -literal -offset indent
+local-ca = auth.pem
+# or: pounce -A auth.pem
+.Ed
+.El
+.
+.Pp
+Alternatively,
+client certificates can be signed
+by a generated certificate authority:
+.
+.Bl -enum
+.It
+Generate a self-signed certificate authority:
 .Bd -literal -offset indent
 pounce -g auth.pem
 .Ed
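Review bot: In the second item of the new list, "Concatenate the certificate public keys into a CA file" does not match what the commands write. `openssl x509 -subject -in client1.pem` emits the subject line followed by the whole certificate, leaving out the private key, so wording such as "Concatenate the certificates, without their private keys, into a CA file" would be more accurate. Both procedures also use the name auth.pem, and the first one builds it with `>>`: a reader who earlier followed the CA method (`pounce -g auth.pem`) would append to a file that still holds the CA certificate and its private key, so anything signed by that CA would remain accepted. Consider a different file name in one of the two examples, or a sentence saying to start from an empty file. Since the commit message gives easy removal as the reason for preferring this approach, a sentence on removing a client's entry from auth.pem (the subject line marks which block belongs to whom) would fit here as well.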