From a432773c8a76e42f875adee19ebd6d401883184d Mon Sep 17 00:00:00 2001 From: "C. McEnroe" Date: Sat, 1 Aug 2020 18:15:17 -0400 Subject: Document concatenating client certificates for auth This is actually the better approach since certificates can easily be removed from the file. --- pounce.1 | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/pounce.1 b/pounce.1 index 6190d6d..59c8728 100644 --- a/pounce.1 +++ b/pounce.1 @@ -1,4 +1,4 @@ -.Dd July 6, 2020 +.Dd August 1, 2020 .Dt POUNCE 1 .Os . @@ -427,7 +427,36 @@ not to the server. .Ss Generating Client Certificates .Bl -enum .It -Generate a self-signed certificate authority (CA): +Generate self-signed client certificates and private keys: +.Bd -literal -offset indent +pounce -g client1.pem +pounce -g client2.pem +.Ed +.It +Concatenate the certificate public keys into a CA file: +.Bd -literal -offset indent +openssl x509 -subject -in client1.pem >> auth.pem +openssl x509 -subject -in client2.pem >> auth.pem +.Ed +.It +Configure +.Nm +to verify client certificates +against the CA file: +.Bd -literal -offset indent +local-ca = auth.pem +# or: pounce -A auth.pem +.Ed +.El +. +.Pp +Alternatively, +client certificates can be signed +by a generated certificate authority: +. +.Bl -enum +.It +Generate a self-signed certificate authority: .Bd -literal -offset indent pounce -g auth.pem .Ed -- cgit 1.4.1
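Review bot: In the second `.It` of the new list, "Concatenate the certificate public keys into a CA file" misdescribes what `openssl x509 -subject -in client1.pem >> auth.pem` appends: the command writes the subject line followed by the PEM certificate, not a bare public key. Suggest "Concatenate the client certificates into a CA file", plus a sentence saying that the private key, which by the first step sits in the same client1.pem, is deliberately left out of auth.pem and stays with the client. The commit message gives easy removal as the reason to prefer this approach, but the added text never says how to do it; one line stating that a client's access is withdrawn by deleting its subject line and certificate block from auth.pem would document that. Because `>>` appends, the step should also say that auth.pem must be absent or empty beforehand. This matters because the alternative procedure at the end of the hunk reuses the name auth.pem for the output of `pounce -g auth.pem`, which by the first step's description contains a private key; a different file name in one of the two procedures would avoid mixing them.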