github-personal/certificates
1
0
Fork 0
mirror of https://github.com/outbackdingo/certificates.git synced 2026-01-27 10:18:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Spelling errors and punctuation have been corrected

Browse Source
This commit is contained in:
Anton Patsev
2024-02-20 10:35:24 +06:00
parent e6491ca28b
commit 0a074cb8ff
3 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@@ -36,7 +36,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
- Generation of first provisioner name on `step ca init` in (smallstep/certificates#1566)
- Processing of SCEP Get PKIOperation requests in (smallstep/certificates#1570)
- Support for signing identity certificate during SSH sign by skipping URI validation in (smallstep/certificates#1572)
- Support for signing identity certificate during SSH sign by skipping URI validation in (smallstep/certificates#1572)
- Dependency on `micromdm/scep` and `go.mozilla.org/pkcs7` to use Smallstep forks in (smallstep/certificates#1600)
- Make the Common Name validator for JWK provisioners accept values from SANs too in (smallstep/certificates#1609)

16
examples/README.md
View File

@@ -21,7 +21,7 @@ the token does contain the root fingerprint then it is simpler to use:
client, err := ca.Bootstrap(token)
```
After the initialization there are examples of all the client methods. These
After the initialization, there are examples of all the client methods. These
methods are a convenient way to use the CA API. The first method, `Health`,
returns the status of the CA server. If the server is up it will return
`{"status":"ok"}`.
@@ -77,7 +77,7 @@ if err != nil { ... }
```
The following methods are for inpsecting Provisioners.
One method that returns a list of provisioners or a the encrypted key of one provisioner.
One method that returns a list of provisioners or an encrypted key of one provisioner.
```go
// Without options it will return the first 20 provisioners.
@@ -98,7 +98,7 @@ key, err := client.ProvisionerKey("DmAtZt2EhmZr_iTJJ387fr4Md2NbzMXGdXQNW1UWPXk")
```
The following example shows how to create a
tls.Config object that can be injected into servers and clients. By default these
tls.Config object that can be injected into servers and clients. By default, these
methods will spin off Go routines that auto-renew a certificate once (approximately)
two thirds of the duration of the certificate has passed.
@@ -184,7 +184,7 @@ resp, err := client.Get("https://localhost:8443")
```
We will demonstrate the mTLS configuration in a different example. In this
examplefor we will configure the server to only verify client certificates
example for we will configure the server to only verify client certificates
if they are provided.
To being with let's start the Step CA:
@@ -226,7 +226,7 @@ If you'd like to turn off curl's verification of the certificate, use
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.
```
Now lets use the root certificate generated for the Step PKI. It should work.
Now let's use the root certificate generated for the Step PKI. It should work.
```sh
certificates $ curl --cacert examples/pki/secrets/root_ca.crt https://localhost:8443
@@ -236,7 +236,7 @@ Hello nobody at 2018-11-03 01:49:25.66912 +0000 UTC!!!
Notice that in the response we see `nobody`. This is because the server did not
detected a TLS client configuration.
But if we create a client with it's own certificate (generated by the Step CA),
But if we create a client with its own certificate (generated by the Step CA),
we should see the Common Name of the client certificate:
```sh
@@ -304,7 +304,7 @@ We can use the bootstrap-server to demonstrate certificate rotation. We've
added a second provisioner, named `mike@smallstep.com`, to the CA configuration.
This provisioner is has a default certificate duration of 2 minutes.
Let's run the server, and inspect the certificate. We can should be able to
see the certificate rotate once approximately 2/3rds of it's lifespan has passed.
see the certificate rotate once approximately 2/3rds of its lifespan has passed.
```sh
certificates $ export STEPPATH=examples/pki
@@ -320,7 +320,7 @@ The exact formula is `<duration>-<duration>/3-rand(<duration>/20)` (`duration=12
in our example).
We can use the following command to check the certificate expiration and to make
sure the certificate changes after 74-80 seconds.
sure the certificate changes after 74-80 seconds.
```sh
certificates $ step certificate inspect --insecure https://localhost:8443

2
scripts/README.md
View File

@@ -4,5 +4,5 @@ Please note that `install-step-ra.sh` is referenced on the `files.smallstep.com`
## badger-migration
badger-migration is a tool that allows migrating data data from BadgerDB (v1 or
badger-migration is a tool that allows migrating data from BadgerDB (v1 or
v2) to MySQL or PostgreSQL.