fix(ca): removed horrendous typos and sentences that made practically no sense
@@ -16,14 +16,14 @@ That's it.
|
||||
|
||||
And since I have friends that like to do very smart pranks involving MITM attacks, I want to protect myself (and my passwords, as long as they might be) from them......
|
||||
|
||||
Ok I may be the "friend" that play these pranks but I always ask for their consent!
|
||||
Ok I may be the "friend" that does these pranks but I always ask for their consent!
|
||||
|
||||
Jokes aside, we will use [step-ca](https://smallstep.com/docs/step-ca) as it's lightweight, easy to deploy and it just works.
|
||||
|
||||
## Machine
|
||||
|
||||
I have deployed my instance on a separate LXC on proxmox:
|
||||
- OS: Debian (I used Buster but chose what you want)
|
||||
- OS: Debian
|
||||
- CPU: 1
|
||||
- RAM: 2G (Might be overkill, but I have loads of RAM)
|
||||
- Storage: 15 GB (Bit too much, but I don't care)
|
||||
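Review bot: The OS bullet now reads only `- OS: Debian`, so the release the instance was deployed on (Buster, per the removed text) is no longer recorded anywhere in this section. Since the guide later installs a specific `.deb`, consider keeping the release, for example `- OS: Debian (Buster, any recent release should work)`. In the unchanged line above, "as long as they might be" still reads awkwardly and could be tidied in the same pass.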
@@ -46,7 +46,7 @@ wget https://dl.step.sm/gh-release/certificates/gh-release-header/v0.21.0/step-c
|
||||
sudo dpkg -i step-ca_0.21.0_amd64.deb
|
||||
```
|
||||
|
||||
`step-ca` can be setup as a systemd service, but instead of copy pasting their instructions like a moron, I'll just tell you to follow them [here](https://smallstep.com/docs/step-ca/certificate-authority-server-production#running-step-ca-as-a-daemon).
|
||||
`step-ca` can be setup as a systemd service, but instead of copy-pasting their instructions like a moron, I'll just tell you to follow them [here](https://smallstep.com/docs/step-ca/certificate-authority-server-production#running-step-ca-as-a-daemon).
|
||||
There are a lot of steps so please be sure to read the instructions carefully.
|
||||
|
||||
## Configuration
|
||||
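Review bot: In the rewritten sentence, "can be setup as a systemd service" still uses the noun form; as a verb it should be "can be set up". Separately, the context lines above download the `step-ca` package with `wget` and install it directly with `sudo dpkg -i`, with no integrity check in between. For a host that will hold CA keys, it is worth adding a step that verifies the download against a checksum or signature published by the project before installing it.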
@@ -57,15 +57,15 @@ You might want to continue reading this though as we'll see how to setup the ACM
|
||||
|
||||
### ACME server ?
|
||||
|
||||
Come on, you've probably already heard about that; ever heard of _Let's Encrypt_ ? Maybe their _certbot_ script ? Well, it can requests certs as an ACME client.
|
||||
Come on, I'm pretty sure that you've already heard about it; does _Let's Encrypt_ ring any bell ? Maybe their _certbot_ script ? Well, it can request certs as an ACME client.
|
||||
If you love reading documentations, go ahead and do so [here](https://letsencrypt.org/docs/client-options/).
|
||||
|
||||
TLDR: deploying an ACME server on you CA will allow you to requests cetrificates for your local services using scripts like certbot or even [Traefik](https://traefik.io/) (and we'll even talk about this later on).
|
||||
**TLDR**: deploying an ACME server on your CA will allow you to request certificates for your local services using `certbot` or [Traefik](https://traefik.io/) (and we'll even talk about this later on) for example.
|
||||
|
||||
### I'm sold, show me the magic
|
||||
|
||||
I knew you'd like it!
|
||||
Setting up the server isn't that hard, you'll need to add an ACME provisionner:
|
||||
Setting up the server isn't hard at all, you'll just need to add an ACME provisionner:
|
||||
```sh
|
||||
step ca provisioner add acme --type ACME
|
||||
```
|
||||
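Review bot: The new line "you'll just need to add an ACME provisionner" keeps the misspelling "provisionner"; it should be "provisioner", which is also how the command right below spells it (`step ca provisioner add acme --type ACME`). In the same hunk, "ring any bell" would read better as "ring a bell", and the new TLDR line ends with a dangling "for example" that would sit more naturally before the client names ("using, for example, `certbot` or Traefik").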
@@ -78,7 +78,7 @@ You can try to request a certificate from your ACME server with:
|
||||
```sh
|
||||
step ca certificate <domain name> --provisioner acme
|
||||
```
|
||||
Please note that this last command might not work if you already have a service listening on port 80 as the `step` command.
|
||||
Please note that this last command might not work if you already have a service listening on port 80 as it launches a web server.
|
||||
|
||||
## Actual usage
|
||||
|
||||
|
||||
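Review bot: In the new note, "as it launches a web server" has an ambiguous "it" that can be read as the service already listening on port 80 rather than the `step` command. Naming the subject removes the doubt, for example "because the `step` command launches its own web server on that port". It would also help to tell the reader what to do in that case, such as stopping the conflicting service for the duration of the request.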