Update HOW-TO-INSTALL.md

simplify secret tokens
pull/98/head
Alec Muffett 2021-06-02 16:57:51 +01:00 committed by GitHub
parent 8b14840327
commit b1254c4036
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed file with 11 additions and 10 deletions

@ -118,7 +118,7 @@ rendering these issues moot.
See below. See below.
# Buying a HTTPS Certificate from HARICA # Buying a HTTPS Certificate from a Certificate Authority
If you choose to buy an Onion HTTPS certificate from (e.g.) HARICA, If you choose to buy an Onion HTTPS certificate from (e.g.) HARICA,
what will happen, and what will you need to do? what will happen, and what will you need to do?
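Review bot: the renamed heading "# Buying a HTTPS Certificate from a Certificate Authority" changes the anchor that Markdown renderers derive from the heading text, so any link that targets the old "...from HARICA" heading will stop resolving; worth searching the docs for such links before merging. Since the heading line is being touched anyway, "a HTTPS" could become "an HTTPS", which would match the "an Onion HTTPS certificate" wording in the sentence below it.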
@ -141,23 +141,24 @@ passphrase, and remember it, because you will need it soon.
Also: make sure to download the `privateKey.pem` file that Also: make sure to download the `privateKey.pem` file that
is offered, and keep it in a safe place. is offered, and keep it in a safe place.
## You will need to prove ownership of the site, to HARICA ## You will need to prove ownership of the site, to the CA
HARICA will tell you that you need to post a secret key For example: HARICA will tell you that you need to post
at a particular URL on your onion site; the message will a secret key at a particular URL on your onion site;
be like: the message will read something like:
> Place the file **FiLeNaMe** to http://**ONIONADDRESS**.onion/.well-known/pki-validation/ > Place the file FILENAME to http://ONIONADDRESS.onion/.well-known/pki-validation/
...and they will offer you a file to download. ...and they will offer you a file to download.
Download this file, and open it with a text editor. Download this file, and open it with a text editor;
The content will be a long secret string, like **ThIsIsArEaLlYlOnGsEcReT** the content will be a long secret string,
like THISISAREALLYLONGHEXADECIMALSECRET
Add a line to your EOTK configuration, substituting the values where necessary: Add a line to your EOTK configuration, substituting the values where necessary:
``` ```
set ssl_proof_csv /.well-known/pki-validation/FiLeNaMe,ThIsIsArEaLlYlOnGsEcReT set ssl_proof_csv /.well-known/pki-validation/FILENAME,THISISAREALLYLONGHEXADECIMALSECRET
``` ```
Then do something like: Then do something like:
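Review bot: in the reworded sentence "For example: HARICA will tell you that you need to post a secret key at a particular URL", the term "secret key" sits a few lines below the instruction to keep `privateKey.pem` in a safe place, and a reader could take it to mean the private key. The value is posted at a URL on the onion site, so "validation token" or "proof string" would be safer wording. Also, with the bold removed, FILENAME and ONIONADDRESS in the quoted instruction and in the `set ssl_proof_csv` line are no longer visually distinct from literal text, and THISISAREALLYLONGHEXADECIMALSECRET is labelled hexadecimal while consisting of non-hex letters; consider saying in the prose that the value is a hex string and marking the placeholders, for example with angle brackets.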
@ -211,7 +212,7 @@ For each certificate, HARICA will offer you several files to download;
download the "PEM Bundle" file and copy it to your EOTK server. download the "PEM Bundle" file and copy it to your EOTK server.
Also: copy the `privateKey.pem` file (mentioned above) to the EOTK server. Also: copy the `privateKey.pem` file (mentioned above) to the EOTK server.
Next, change Directory into `~/eotk/projects.d/**PROJECTNAME**.d/ssl.d`; Next, change Directory into `~/eotk/projects.d/PROJECTNAME.d/ssl.d`;
you should see your development certificates, which will look like: you should see your development certificates, which will look like:
``` ```