kopia lustrzana https://github.com/alecmuffett/eotk
add warning signs
rodzic
5a4735d596
commit
4d66be162a
|
@ -1,7 +1,7 @@
|
||||||
# The Enterprise Onion Toolkit
|
# The Enterprise Onion Toolkit
|
||||||
![banner image](docs.d/hello-onion-text.png)
|
![banner image](docs.d/hello-onion-text.png)
|
||||||
|
|
||||||
## :warning: Important HTTPS-related Annoucement: March 2022
|
## :warning: Important HTTPS-related Annoucement: March 2022 :warning:
|
||||||
|
|
||||||
I've landed a small breaking change in order to better-support HARICA as a certificate provider,
|
I've landed a small breaking change in order to better-support HARICA as a certificate provider,
|
||||||
but also for better usability; this change impacts any project with a multi-onion
|
but also for better usability; this change impacts any project with a multi-onion
|
||||||
|
@ -13,7 +13,8 @@ EV certificate from Digicert.
|
||||||
* onion scratch-directory name changes:
|
* onion scratch-directory name changes:
|
||||||
* was: `projects.d/tweep.d/abcdefghijklmnopqrstuvwxyza-v3.d/port-80.sock`
|
* was: `projects.d/tweep.d/abcdefghijklmnopqrstuvwxyza-v3.d/port-80.sock`
|
||||||
* now: `projects.d/tweep.d/abcdefghijklmnopqrst-v3.d/port-80.sock`
|
* now: `projects.d/tweep.d/abcdefghijklmnopqrst-v3.d/port-80.sock`
|
||||||
* this may mean some scratch directories are remade
|
* :warning: this means that some scratch directories may be are remade,
|
||||||
|
so a full restart is advisable after updating
|
||||||
* https certificate path-name changes
|
* https certificate path-name changes
|
||||||
* was: HTTPS certificate files used the full onion address
|
* was: HTTPS certificate files used the full onion address
|
||||||
* now: onion HTTPS certificates are now expected to be installed in
|
* now: onion HTTPS certificates are now expected to be installed in
|
||||||
|
@ -21,13 +22,13 @@ EV certificate from Digicert.
|
||||||
PROJECTNAME:
|
PROJECTNAME:
|
||||||
* `/projects.d/PROJECTNAME.d/ssl.d/ONIONADDRFIRST20CHAR-v3.onion.cert`
|
* `/projects.d/PROJECTNAME.d/ssl.d/ONIONADDRFIRST20CHAR-v3.onion.cert`
|
||||||
* `/projects.d/PROJECTNAME.d/ssl.d/ONIONADDRFIRST20CHAR-v3.onion.pem`
|
* `/projects.d/PROJECTNAME.d/ssl.d/ONIONADDRFIRST20CHAR-v3.onion.pem`
|
||||||
* this means that you may need to rename pre-existing certificate
|
* :warning: this means that you will need to rename pre-existing certificate
|
||||||
`cert` and `pem` files after you update and reconfigure;
|
`cert` and `pem` files after you update and reconfigure;
|
||||||
**if you fail to do this you will see "self-signed certificate" warnings**
|
**if you fail to do this you will see "self-signed certificate" warnings**
|
||||||
* if you are using 'multi' certificates (such as some Digicert EV) where a
|
* if you are using 'multi' certificates (such as some Digicert EV) where a
|
||||||
single certificate contains all SubjectAltNames for 2+ onion
|
single certificate contains all SubjectAltNames for 2+ onion
|
||||||
addresses that are part of a single project:
|
addresses that are part of a single project:
|
||||||
* do `set ssl_cert_each_onion 0` in the configuration, to re-enable
|
* :warning: do `set ssl_cert_each_onion 0` in the configuration, to re-enable
|
||||||
multi cert handling
|
multi cert handling
|
||||||
* was: path would have been
|
* was: path would have been
|
||||||
`projects.d/PROJECTNAME.d/ssl.d/PRIMARYONIONADDRESSWASHERE.pem`
|
`projects.d/PROJECTNAME.d/ssl.d/PRIMARYONIONADDRESSWASHERE.pem`
|
||||||
|
|
Ładowanie…
Reference in New Issue