summaryrefslogtreecommitdiff
path: root/docs/critical/template.rst
diff options
context:
space:
mode:
authorJan Dittberner <jandd@cacert.org>2016-05-07 23:01:11 +0200
committerJan Dittberner <jandd@cacert.org>2016-05-07 23:01:11 +0200
commit989555ee9aa0c4cbd7a2f43641c0943d16ce64af (patch)
tree50d892d680cac806b55753f0b3d6331a67c55f06 /docs/critical/template.rst
parent117b12689463d1518767fd51c75c154320864ce6 (diff)
downloadcacert-infradocs-989555ee9aa0c4cbd7a2f43641c0943d16ce64af.tar.gz
cacert-infradocs-989555ee9aa0c4cbd7a2f43641c0943d16ce64af.tar.xz
cacert-infradocs-989555ee9aa0c4cbd7a2f43641c0943d16ce64af.zip
Use new directives in host documentation
This commit changes the existing host documents to use the new sslcert and sshkeys directives. The templates have been adapted to contain example directives to be filled.
Diffstat (limited to 'docs/critical/template.rst')
-rw-r--r--docs/critical/template.rst45
1 files changed, 25 insertions, 20 deletions
diff --git a/docs/critical/template.rst b/docs/critical/template.rst
index 006f7ed..6419262 100644
--- a/docs/critical/template.rst
+++ b/docs/critical/template.rst
@@ -228,24 +228,13 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | |
-+-----------+-----------------------------------------------------+
-| DSA | |
-+-----------+-----------------------------------------------------+
-| ECDSA | |
-+-----------+-----------------------------------------------------+
-| ED25519 | |
-+-----------+-----------------------------------------------------+
-
-.. seealso::
+.. add the MD5 fingerprints of the SSH host keys
- See :doc:`../sshkeys`
+.. sshkeys::
+ :RSA:
+ :DSA:
+ :ECDSA:
+ :ED25519:
Dedicated user roles
--------------------
@@ -280,15 +269,31 @@ Critical Configuration items
Keys and X.509 certificates
---------------------------
-* :file:`/etc/apache2/ssl/<path to certificate>` server certificate (valid until <datetime>)
-* :file:`/etc/apache2/ssl/<path to server key>` server key
+.. use the sslcert directive to have certificates added to the certificate list
+ automatically
+
+.. sslcert:: template.cacert.org
+ :altnames:
+ :certfile:
+ :keyfile:
+ :serial:
+ :expiration:
+ :sha1fp:
+ :issuer:
+
+.. for certificates that are orginally created on another host use
+
+.. sslcert:: other.cacert.org
+ :certfile:
+ :keyfile:
+ :serial:
+ :secondary:
.. * `/etc/apache2/ssl/cacert-certs.pem` CAcert.org Class 1 and Class 3 CA certificates (allowed CA certificates for client certificates)
* `/etc/apache2/ssl/cacert-chain.pem` CAcert.org Class 1 certificate (certificate chain for server certificate)
.. seealso::
- * :doc:`../certlist`
* :wiki:`SystemAdministration/CertificateList`
<service_x> configuration