kopia lustrzana https://github.com/alecmuffett/eotk
Tweaks in HOW-TO-INSTALL for HARICA.
rodzic
f234fbd96d
commit
a1ef87e92b
|
@ -141,6 +141,7 @@ passphrase, and remember it, because you will need it soon.
|
||||||
Also: make sure to download the `privateKey.pem` file that
|
Also: make sure to download the `privateKey.pem` file that
|
||||||
is offered, and keep it in a safe place.
|
is offered, and keep it in a safe place.
|
||||||
|
|
||||||
|
If you manually create the CSR on the server, you'll use the 'onionaddress.key' file generated by openssl.
|
||||||
## You will need to prove ownership of the site, to the CA
|
## You will need to prove ownership of the site, to the CA
|
||||||
|
|
||||||
For example: HARICA will tell you that you need to post
|
For example: HARICA will tell you that you need to post
|
||||||
|
@ -169,6 +170,8 @@ eotk config projectname.conf && eotk nxreload projectname
|
||||||
|
|
||||||
...to install the URL handlers.
|
...to install the URL handlers.
|
||||||
|
|
||||||
|
HARICA has a process of validation which involves generating an onion-csr. You won't need to add anything to your configuration.
|
||||||
|
|
||||||
### Optional: what if you have multiple Onion addresses?
|
### Optional: what if you have multiple Onion addresses?
|
||||||
|
|
||||||
You can put multiple `path,value` strings into `ssl_proof_csv`, space-separated;
|
You can put multiple `path,value` strings into `ssl_proof_csv`, space-separated;
|
||||||
|
@ -225,7 +228,7 @@ There are two steps to installation:
|
||||||
|
|
||||||
Step 1: copy the PEM Bundle file from HARICA, on top of `ONIONADDRESS.onion.cert`
|
Step 1: copy the PEM Bundle file from HARICA, on top of `ONIONADDRESS.onion.cert`
|
||||||
|
|
||||||
Step 2: unlock and extract the private key, by doing:
|
Step 2: unlock and extract (or rename) the private key, by doing:
|
||||||
|
|
||||||
`openssl ec -in privateKey.pem -out ONIONADDRESS.onion.pem`
|
`openssl ec -in privateKey.pem -out ONIONADDRESS.onion.pem`
|
||||||
|
|
||||||
|
@ -233,6 +236,9 @@ Step 2: unlock and extract the private key, by doing:
|
||||||
if you chose to use RSA as the algorithm, you will need to use
|
if you chose to use RSA as the algorithm, you will need to use
|
||||||
`openssl rsa ...` instead.
|
`openssl rsa ...` instead.
|
||||||
|
|
||||||
|
If you manually created the CSR, then rename the 'onionaddress.key' file
|
||||||
|
the CSR generated to 'onionaddress.onion.pem'.
|
||||||
|
|
||||||
Then: change directory back to the EOTK directory,
|
Then: change directory back to the EOTK directory,
|
||||||
and do `eotk nxreload projectname`, and test it.
|
and do `eotk nxreload projectname`, and test it.
|
||||||
|
|
||||||
|
|
Ładowanie…
Reference in New Issue