unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

Doc: fix default server certificate role

Browse Source
This commit is contained in:
Ben Vincent 2024-04-27 22:12:18 +10:00
parent c5d63bd6f8
commit 5e31af2ee2
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
doc/vault/setup.md
View File

@ -36,10 +36,12 @@
vault write pki_int/roles/servers_default \
issuer_ref="$(vault read -field=default pki_int/config/issuers)" \
allow_ip_sans=true \
allowed_domains="unkin.net,prod*" \
allowed_domains="unkin.net, *.unkin.net, localhost" \
allow_subdomains=true \
allow_bare_domains=true \
allow_glob_domains=true \
allow_bare_domains=true \
enforce_hostnames=true \
allow_any_name=true \
max_ttl="2160h" \
key_bits=4096 \
country="Australia"
@ -49,7 +51,6 @@
vault write pki_int/issue/servers_default common_name="test.main.unkin.net" ttl="24h"
vault write pki_int/issue/servers_default common_name="*.test.main.unkin.net" ttl="24h"
# remove expired certificates
vault write pki_int/tidy tidy_cert_store=true tidy_revoked_certs=true