kopia lustrzana https://github.com/alecmuffett/eotk
Tweaks in HOW-TO-INSTALL for HARICA.
rodzic
f234fbd96d
commit
a1ef87e92b
|
@ -141,6 +141,7 @@ passphrase, and remember it, because you will need it soon.
|
|||
Also: make sure to download the `privateKey.pem` file that
|
||||
is offered, and keep it in a safe place.
|
||||
|
||||
If you manually create the CSR on the server, you'll use the 'onionaddress.key' file generated by openssl.
|
||||
## You will need to prove ownership of the site, to the CA
|
||||
|
||||
For example: HARICA will tell you that you need to post
|
||||
|
@ -169,6 +170,8 @@ eotk config projectname.conf && eotk nxreload projectname
|
|||
|
||||
...to install the URL handlers.
|
||||
|
||||
HARICA has a process of validation which involves generating an onion-csr. You won't need to add anything to your configuration.
|
||||
|
||||
### Optional: what if you have multiple Onion addresses?
|
||||
|
||||
You can put multiple `path,value` strings into `ssl_proof_csv`, space-separated;
|
||||
|
@ -225,7 +228,7 @@ There are two steps to installation:
|
|||
|
||||
Step 1: copy the PEM Bundle file from HARICA, on top of `ONIONADDRESS.onion.cert`
|
||||
|
||||
Step 2: unlock and extract the private key, by doing:
|
||||
Step 2: unlock and extract (or rename) the private key, by doing:
|
||||
|
||||
`openssl ec -in privateKey.pem -out ONIONADDRESS.onion.pem`
|
||||
|
||||
|
@ -233,6 +236,9 @@ Step 2: unlock and extract the private key, by doing:
|
|||
if you chose to use RSA as the algorithm, you will need to use
|
||||
`openssl rsa ...` instead.
|
||||
|
||||
If you manually created the CSR, then rename the 'onionaddress.key' file
|
||||
the CSR generated to 'onionaddress.onion.pem'.
|
||||
|
||||
Then: change directory back to the EOTK directory,
|
||||
and do `eotk nxreload projectname`, and test it.
|
||||
|
||||
|
|
Ładowanie…
Reference in New Issue