diff options
-rw-r--r-- | pounce.1 | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/pounce.1 b/pounce.1 index 6190d6d..59c8728 100644 --- a/pounce.1 +++ b/pounce.1 @@ -1,4 +1,4 @@ -.Dd July 6, 2020 +.Dd August 1, 2020 .Dt POUNCE 1 .Os . @@ -427,7 +427,36 @@ not to the server. .Ss Generating Client Certificates .Bl -enum .It -Generate a self-signed certificate authority (CA): +Generate self-signed client certificates and private keys: +.Bd -literal -offset indent +pounce -g client1.pem +pounce -g client2.pem +.Ed +.It +Concatenate the certificate public keys into a CA file: +.Bd -literal -offset indent +openssl x509 -subject -in client1.pem >> auth.pem +openssl x509 -subject -in client2.pem >> auth.pem +.Ed +.It +Configure +.Nm +to verify client certificates +against the CA file: +.Bd -literal -offset indent +local-ca = auth.pem +# or: pounce -A auth.pem +.Ed +.El +. +.Pp +Alternatively, +client certificates can be signed +by a generated certificate authority: +. +.Bl -enum +.It +Generate a self-signed certificate authority: .Bd -literal -offset indent pounce -g auth.pem .Ed |