From a1ef87e92b257b770ef99b1e8130ba2cb5c5aae1 Mon Sep 17 00:00:00 2001 From: Max Pearl Date: Thu, 15 Jul 2021 12:32:01 -0700 Subject: [PATCH] Tweaks in HOW-TO-INSTALL for HARICA. --- docs.d/HOW-TO-INSTALL.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs.d/HOW-TO-INSTALL.md b/docs.d/HOW-TO-INSTALL.md index e0430cd..86ebbb3 100644 --- a/docs.d/HOW-TO-INSTALL.md +++ b/docs.d/HOW-TO-INSTALL.md @@ -141,6 +141,7 @@ passphrase, and remember it, because you will need it soon. Also: make sure to download the `privateKey.pem` file that is offered, and keep it in a safe place. +If you manually create the CSR on the server, you'll use the 'onionaddress.key' file generated by openssl. ## You will need to prove ownership of the site, to the CA For example: HARICA will tell you that you need to post @@ -169,6 +170,8 @@ eotk config projectname.conf && eotk nxreload projectname ...to install the URL handlers. +HARICA has a process of validation which involves generating an onion-csr. You won't need to add anything to your configuration. + ### Optional: what if you have multiple Onion addresses? You can put multiple `path,value` strings into `ssl_proof_csv`, space-separated; @@ -225,7 +228,7 @@ There are two steps to installation: Step 1: copy the PEM Bundle file from HARICA, on top of `ONIONADDRESS.onion.cert` -Step 2: unlock and extract the private key, by doing: +Step 2: unlock and extract (or rename) the private key, by doing: `openssl ec -in privateKey.pem -out ONIONADDRESS.onion.pem` @@ -233,6 +236,9 @@ Step 2: unlock and extract the private key, by doing: if you chose to use RSA as the algorithm, you will need to use `openssl rsa ...` instead. +If you manually created the CSR, then rename the 'onionaddress.key' file +the CSR generated to 'onionaddress.onion.pem'. + Then: change directory back to the EOTK directory, and do `eotk nxreload projectname`, and test it.
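Review bot: In the hunk at @@ -141,6 +141,7 @@, the added sentence writes the key file as 'onionaddress.key', single-quoted and lowercase, while the surrounding text uses backticks (`privateKey.pem`) and the document's placeholder elsewhere is uppercase (`ONIONADDRESS.onion.cert`). Suggest `ONIONADDRESS.key` in backticks, or say that the name is whatever was given to openssl. The sentence also omits the "keep it in a safe place" guidance that the line above gives for `privateKey.pem`; in the manual case this file is the private key that later becomes the `.onion.pem` file, so the same guidance should be stated for it.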
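Review bot: In the hunk at @@ -169,6 +170,8 @@, "You won't need to add anything to your configuration" sits right after the instruction to run `eotk config projectname.conf && eotk nxreload projectname` "to install the URL handlers", and it does not say whether it replaces those steps or applies only when the CSR route is chosen. Suggest stating which of the preceding proof-of-ownership steps can be skipped in the onion-csr case, and explaining or linking what "onion-csr" is, since the term is not introduced in the visible text.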
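Review bot: In the hunk at @@ -225,7 +228,7 @@, Step 2 now reads "unlock and extract (or rename) the private key, by doing:" but the command that follows, `openssl ec -in privateKey.pem -out ONIONADDRESS.onion.pem`, covers only the extract case and renames nothing. Suggest keeping the original Step 2 wording and leaving the rename alternative to the paragraph added in the next hunk, or showing the rename command here next to the openssl one.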
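Review bot: In the hunk at @@ -233,6 +236,9 @@, "the 'onionaddress.key' file the CSR generated" is at odds with the first hunk, which says the key file is generated by openssl; the CSR does not produce the key. The target name 'onionaddress.onion.pem' is also lowercase and single-quoted, whereas the command in Step 2 writes `ONIONADDRESS.onion.pem`. Suggest: "rename the `ONIONADDRESS.key` file that openssl generated to `ONIONADDRESS.onion.pem`", so the reader ends up with the same filename in both cases.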