author: Jan Dittberner <jandd@cacert.org> 2016-05-07 23:01:11 +0200
committer: Jan Dittberner <jandd@cacert.org> 2016-05-07 23:01:11 +0200
commit: 989555ee9aa0c4cbd7a2f43641c0943d16ce64af
tree: 50d892d680cac806b55753f0b3d6331a67c55f06
parent: 117b12689463d1518767fd51c75c154320864ce6
Use new directives in host documentation
This commit changes the existing host documents to use the new sslcert and sshkeys directives. The templates have been adapted to contain example directives to be filled.
-rw-r--r-- docs/critical/template.rst 45
-rw-r--r-- docs/sshkeys.rst 2
-rw-r--r-- docs/systems/arbitration.rst 23
-rw-r--r-- docs/systems/blog.rst 22
-rw-r--r-- docs/systems/board.rst 22
-rw-r--r-- docs/systems/email.rst 22
-rw-r--r-- docs/systems/infra02.rst 26
-rw-r--r-- docs/systems/monitor.rst 23
-rw-r--r-- docs/systems/template.rst 45
-rw-r--r-- docs/systems/webmail.rst 22
10 files changed, 79 insertions, 173 deletions
diff --git a/docs/critical/template.rst b/docs/critical/template.rst
index 006f7ed..6419262 100644
--- a/docs/critical/template.rst
+++ b/docs/critical/template.rst
@@ -228,24 +228,13 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | |
-+-----------+-----------------------------------------------------+
-| DSA | |
-+-----------+-----------------------------------------------------+
-| ECDSA | |
-+-----------+-----------------------------------------------------+
-| ED25519 | |
-+-----------+-----------------------------------------------------+
-
-.. seealso::
+.. add the MD5 fingerprints of the SSH host keys
- See :doc:`../sshkeys`
+.. sshkeys::
+ :RSA:
+ :DSA:
+ :ECDSA:
+ :ED25519:
Dedicated user roles
--------------------
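Review bot: the added comment `.. add the MD5 fingerprints of the SSH host keys` names the hash format only in a source comment, and the `:RSA:` to `:ED25519:` options carry no hash label, so whoever fills the template has to know how to obtain an MD5 fingerprint. OpenSSH 6.8 and later print SHA256 fingerprints by default; suggest putting the command into the comment, e.g. `ssh-keygen -l -E md5 -f <host key file>`, so MD5 and SHA256 values do not end up mixed across hosts.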
@@ -280,15 +269,31 @@ Critical Configuration items
Keys and X.509 certificates
---------------------------
-* :file:`/etc/apache2/ssl/<path to certificate>` server certificate (valid until <datetime>)
-* :file:`/etc/apache2/ssl/<path to server key>` server key
+.. use the sslcert directive to have certificates added to the certificate list
+ automatically
+
+.. sslcert:: template.cacert.org
+ :altnames:
+ :certfile:
+ :keyfile:
+ :serial:
+ :expiration:
+ :sha1fp:
+ :issuer:
+
+.. for certificates that are orginally created on another host use
+
+.. sslcert:: other.cacert.org
+ :certfile:
+ :keyfile:
+ :serial:
+ :secondary:
.. * `/etc/apache2/ssl/cacert-certs.pem` CAcert.org Class 1 and Class 3 CA certificates (allowed CA certificates for client certificates)
* `/etc/apache2/ssl/cacert-chain.pem` CAcert.org Class 1 certificate (certificate chain for server certificate)
.. seealso::
- * :doc:`../certlist`
* :wiki:`SystemAdministration/CertificateList`
<service_x> configuration
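Review bot: the comment introducing the second example, `.. sslcert:: other.cacert.org`, has a typo (`orginally` should be `originally`) and does not say what `:secondary:` means or which option ties the entry to the primary one on the other host. Suggest one more comment line stating which of `:certfile:`, `:keyfile:` and `:serial:` are required, so a filled-in secondary entry can be matched to its primary.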
diff --git a/docs/sshkeys.rst b/docs/sshkeys.rst
index b9d8ec0..07efa21 100644
--- a/docs/sshkeys.rst
+++ b/docs/sshkeys.rst
@@ -1,3 +1,5 @@
=============
SSH Host Keys
=============
+
+.. sshkeylist::
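Review bot: with `.. sshkeylist::` as the only body content, the page has no text saying which fingerprint format is listed. The per-host entries in this commit are colon-separated MD5 values; suggest a sentence above the directive stating that, so a reader comparing against a client prompt knows to ask the client for the MD5 form.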
diff --git a/docs/systems/arbitration.rst b/docs/systems/arbitration.rst
index 7558690..04aea5c 100644
--- a/docs/systems/arbitration.rst
+++ b/docs/systems/arbitration.rst
@@ -195,27 +195,13 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | ``a3:6c:f1:f8:8c:81:7c:f7:3b:4e:e4:0e:a3:02:8e:18`` |
-+-----------+-----------------------------------------------------+
-| DSA | ``eb:66:0e:0d:d1:f3:d8:02:3a:ed:71:7a:b2:04:db:75`` |
-+-----------+-----------------------------------------------------+
-| ECDSA | ``54:a3:76:46:66:fc:3f:2d:9b:e4:bd:49:ba:fe:98:09`` |
-+-----------+-----------------------------------------------------+
-| ED25519 | \- |
-+-----------+-----------------------------------------------------+
+.. sshkeys::
+ :RSA: a3:6c:f1:f8:8c:81:7c:f7:3b:4e:e4:0e:a3:02:8e:18
+ :DSA: eb:66:0e:0d:d1:f3:d8:02:3a:ed:71:7a:b2:04:db:75
+ :ECDSA: 54:a3:76:46:66:fc:3f:2d:9b:e4:bd:49:ba:fe:98:09
.. todo:: setup ED25519 host key
-.. seealso::
-
- See :doc:`../sshkeys`
-
Dedicated user roles
--------------------
@@ -256,7 +242,6 @@ Keys and X.509 certificates
.. seealso::
- * :doc:`../certlist`
* :wiki:`SystemAdministration/CertificateList`
Nginx configuration
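Review bot: this hunk removes the `:doc:` link to `../certlist` from the `seealso` block, but the visible hunks for arbitration.rst add no `.. sslcert::` directive, although the commit message says the host documents now use it. Please confirm that the "Keys and X.509 certificates" section already carries `sslcert` entries; if it does not, this host would be missing from the generated certificate list and would also lose its link to it. The same question applies to the matching hunks in email.rst, monitor.rst and webmail.rst.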
diff --git a/docs/systems/blog.rst b/docs/systems/blog.rst
index 46fc16c..3a11d39 100644
--- a/docs/systems/blog.rst
+++ b/docs/systems/blog.rst
@@ -220,27 +220,13 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | ``ec:cb:b5:13:7c:17:c4:c3:23:3d:ee:01:58:75:b5:8d`` |
-+-----------+-----------------------------------------------------+
-| DSA | ``c6:a7:52:f6:63:ce:73:95:41:35:90:45:9e:e0:06:a5`` |
-+-----------+-----------------------------------------------------+
-| ECDSA | ``00:d7:4b:3c:da:1b:24:76:74:1c:dd:2c:64:50:5f:81`` |
-+-----------+-----------------------------------------------------+
-| ED25519 | \- |
-+-----------+-----------------------------------------------------+
+.. sshkeys::
+ :RSA: ec:cb:b5:13:7c:17:c4:c3:23:3d:ee:01:58:75:b5:8d
+ :DSA: c6:a7:52:f6:63:ce:73:95:41:35:90:45:9e:e0:06:a5
+ :ECDSA: 00:d7:4b:3c:da:1b:24:76:74:1c:dd:2c:64:50:5f:81
.. todo:: setup ED25519 host key
-.. seealso::
-
- See :doc:`../sshkeys`
-
Dedicated user roles
--------------------
diff --git a/docs/systems/board.rst b/docs/systems/board.rst
index b454b27..3e97217 100644
--- a/docs/systems/board.rst
+++ b/docs/systems/board.rst
@@ -197,27 +197,13 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | ``c7:a0:3f:63:a5:cb:9a:8f:1f:eb:55:63:46:c3:8d:f1`` |
-+-----------+-----------------------------------------------------+
-| DSA | ``f6:b7:e5:52:24:27:1e:ea:32:c8:f1:2e:45:f7:24:d3`` |
-+-----------+-----------------------------------------------------+
-| ECDSA | ``0f:fc:76:f8:24:99:95:f7:d2:28:59:6e:f0:1e:39:ac`` |
-+-----------+-----------------------------------------------------+
-| ED25519 | \- |
-+-----------+-----------------------------------------------------+
+.. sshkeys::
+ :RSA: c7:a0:3f:63:a5:cb:9a:8f:1f:eb:55:63:46:c3:8d:f1
+ :DSA: f6:b7:e5:52:24:27:1e:ea:32:c8:f1:2e:45:f7:24:d3
+ :ECDSA: 0f:fc:76:f8:24:99:95:f7:d2:28:59:6e:f0:1e:39:ac
.. todo:: setup ED25519 host key
-.. seealso::
-
- See :doc:`../sshkeys`
-
Non-distribution packages and modifications
-------------------------------------------
diff --git a/docs/systems/email.rst b/docs/systems/email.rst
index 1c801aa..d0b5eb1 100644
--- a/docs/systems/email.rst
+++ b/docs/systems/email.rst
@@ -214,29 +214,14 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | ``a1:d2:17:53:6b:0f:b6:a4:14:13:46:f7:04:ef:4a:23`` |
-+-----------+-----------------------------------------------------+
-| DSA | ``f4:eb:0a:36:40:1c:55:6b:75:a2:26:34:ea:18:7e:91`` |
-+-----------+-----------------------------------------------------+
-| ECDSA | \- |
-+-----------+-----------------------------------------------------+
-| ED25519 | \- |
-+-----------+-----------------------------------------------------+
+.. sshkeys::
+ :RSA: a1:d2:17:53:6b:0f:b6:a4:14:13:46:f7:04:ef:4a:23
+ :DSA: f4:eb:0a:36:40:1c:55:6b:75:a2:26:34:ea:18:7e:91
.. warning::
The system is too old to support ECDSA or ED25519 keys.
-.. seealso::
-
- See :doc:`../sshkeys`
-
Non-distribution packages and modifications
-------------------------------------------
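Review bot: the old table recorded ECDSA and ED25519 as explicitly absent (`\-`), while the new `.. sshkeys::` block simply omits both options. Please check that the directive and the generated key list show an omitted algorithm as absent rather than dropping it silently, since the `.. warning::` below is now the only record that these key types are missing on this host.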
@@ -290,7 +275,6 @@ Postfix and IMAP with STARTTLS, IMAPS, POP3 with STARTTLS, POP3S and pysieved)
.. seealso::
- * :doc:`../certlist`
* :wiki:`SystemAdministration/CertificateList`
Apache configuration
diff --git a/docs/systems/infra02.rst b/docs/systems/infra02.rst
index 76cc3b9..6306528 100644
--- a/docs/systems/infra02.rst
+++ b/docs/systems/infra02.rst
@@ -203,27 +203,11 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-.. index::
- single: SSH host keys; Infra02
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | ``86:d5:f8:71:2e:ab:5e:50:5d:f6:37:6b:16:8f:d1:1c`` |
-+-----------+-----------------------------------------------------+
-| DSA | ``b4:fb:c2:74:33:eb:cc:f0:3e:31:38:c9:a8:df:0a:f5`` |
-+-----------+-----------------------------------------------------+
-| ECDSA | ``79:c4:b8:ff:ef:c9:df:9a:45:07:8d:ab:71:7c:e9:c0`` |
-+-----------+-----------------------------------------------------+
-| ED25519 | ``25:d1:c7:44:1c:38:9e:ad:89:32:c7:9c:43:8e:41:c4`` |
-+-----------+-----------------------------------------------------+
-
-.. seealso::
-
- See :doc:`../sshkeys`
+.. sshkeys::
+ :RSA: 86:d5:f8:71:2e:ab:5e:50:5d:f6:37:6b:16:8f:d1:1c
+ :DSA: b4:fb:c2:74:33:eb:cc:f0:3e:31:38:c9:a8:df:0a:f5
+ :ECDSA: 79:c4:b8:ff:ef:c9:df:9a:45:07:8d:ab:71:7c:e9:c0
+ :ED25519: 25:d1:c7:44:1c:38:9e:ad:89:32:c7:9c:43:8e:41:c4
Dedictated user roles
---------------------
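Review bot: the removed block carried an explicit `.. index::` entry (`single: SSH host keys; Infra02`) that the other host files did not have, and the replacement `.. sshkeys::` block does not restore it. If the directive does not create index entries itself, keep the `.. index::` lines above it. Separately, the context line `Dedictated user roles` is misspelled and could be fixed while this section is being touched.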
diff --git a/docs/systems/monitor.rst b/docs/systems/monitor.rst
index c206e43..fb5472a 100644
--- a/docs/systems/monitor.rst
+++ b/docs/systems/monitor.rst
@@ -223,24 +223,10 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | ``df:98:f5:ea:05:c1:47:52:97:58:8f:42:55:d6:d9:b6`` |
-+-----------+-----------------------------------------------------+
-| DSA | ``07:2b:10:b1:6d:79:35:0f:83:aa:fc:ba:d6:2f:51:dc`` |
-+-----------+-----------------------------------------------------+
-| ECDSA | ``48:46:b1:5a:4e:05:64:8a:c3:76:33:77:20:91:14:70`` |
-+-----------+-----------------------------------------------------+
-| ED25519 | \- |
-+-----------+-----------------------------------------------------+
-
-.. seealso::
-
- See :doc:`../sshkeys`
+.. sshkeys::
+ :RSA: df:98:f5:ea:05:c1:47:52:97:58:8f:42:55:d6:d9:b6
+ :DSA: 07:2b:10:b1:6d:79:35:0f:83:aa:fc:ba:d6:2f:51:dc
+ :ECDSA: 48:46:b1:5a:4e:05:64:8a:c3:76:33:77:20:91:14:70
Non-distribution packages and modifications
-------------------------------------------
@@ -273,7 +259,6 @@ Keys and X.509 certificates
.. seealso::
- * :doc:`../certlist`
* :wiki:`SystemAdministration/CertificateList`
CRL fetch job
diff --git a/docs/systems/template.rst b/docs/systems/template.rst
index 006f7ed..6419262 100644
--- a/docs/systems/template.rst
+++ b/docs/systems/template.rst
@@ -228,24 +228,13 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | |
-+-----------+-----------------------------------------------------+
-| DSA | |
-+-----------+-----------------------------------------------------+
-| ECDSA | |
-+-----------+-----------------------------------------------------+
-| ED25519 | |
-+-----------+-----------------------------------------------------+
-
-.. seealso::
+.. add the MD5 fingerprints of the SSH host keys
- See :doc:`../sshkeys`
+.. sshkeys::
+ :RSA:
+ :DSA:
+ :ECDSA:
+ :ED25519:
Dedicated user roles
--------------------
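Review bot: docs/systems/template.rst and docs/critical/template.rst show the same blob ids before and after this change (`index 006f7ed..6419262`), so the two templates are identical and every edit has to be made twice, as it is here. Suggest keeping one template and including or linking it from the other directory, so the security section cannot drift between the two copies.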
@@ -280,15 +269,31 @@ Critical Configuration items
Keys and X.509 certificates
---------------------------
-* :file:`/etc/apache2/ssl/<path to certificate>` server certificate (valid until <datetime>)
-* :file:`/etc/apache2/ssl/<path to server key>` server key
+.. use the sslcert directive to have certificates added to the certificate list
+ automatically
+
+.. sslcert:: template.cacert.org
+ :altnames:
+ :certfile:
+ :keyfile:
+ :serial:
+ :expiration:
+ :sha1fp:
+ :issuer:
+
+.. for certificates that are orginally created on another host use
+
+.. sslcert:: other.cacert.org
+ :certfile:
+ :keyfile:
+ :serial:
+ :secondary:
.. * `/etc/apache2/ssl/cacert-certs.pem` CAcert.org Class 1 and Class 3 CA certificates (allowed CA certificates for client certificates)
* `/etc/apache2/ssl/cacert-chain.pem` CAcert.org Class 1 certificate (certificate chain for server certificate)
.. seealso::
- * :doc:`../certlist`
* :wiki:`SystemAdministration/CertificateList`
<service_x> configuration
diff --git a/docs/systems/webmail.rst b/docs/systems/webmail.rst
index 14eded6..5eab801 100644
--- a/docs/systems/webmail.rst
+++ b/docs/systems/webmail.rst
@@ -206,29 +206,14 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | ``82:91:22:22:10:75:ab:0e:55:05:9a:f9:98:cb:94:48`` |
-+-----------+-----------------------------------------------------+
-| DSA | ``6b:6e:59:37:41:83:a5:89:2a:18:04:23:51:53:5d:cd`` |
-+-----------+-----------------------------------------------------+
-| ECDSA | \- |
-+-----------+-----------------------------------------------------+
-| ED25519 | \- |
-+-----------+-----------------------------------------------------+
+.. sshkeys::
+ :RSA: 82:91:22:22:10:75:ab:0e:55:05:9a:f9:98:cb:94:48
+ :DSA: 6b:6e:59:37:41:83:a5:89:2a:18:04:23:51:53:5d:cd
.. warning::
The system is too old to support ECDSA or ED25519 keys.
-.. seealso::
-
- See :doc:`../sshkeys`
-
Non-distribution packages and modifications
-------------------------------------------
@@ -279,7 +264,6 @@ Keys and X.509 certificates
.. seealso::
- * :doc:`../certlist`
* :wiki:`SystemAdministration/CertificateList`
Apache configuration