From 672db9bef62ec202fa9ae56190eccdb60741dc20 Mon Sep 17 00:00:00 2001 From: Hans Hasselberg Date: Tue, 17 Mar 2020 21:00:45 +0100 Subject: [PATCH] docs: fix filenames (#7453) --- command/tls/cert/create/tls_cert_create.go | 8 ++++---- command/tls/cert/tls_cert.go | 8 ++++---- website/source/docs/commands/tls.html.md | 4 ++-- website/source/docs/commands/tls/cert.html.md.erb | 6 +++--- .../source/docs/guides/agent-encryption.html.md | 14 +++++++------- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/command/tls/cert/create/tls_cert_create.go b/command/tls/cert/create/tls_cert_create.go index b50893cd5..1a881acc3 100644 --- a/command/tls/cert/create/tls_cert_create.go +++ b/command/tls/cert/create/tls_cert_create.go @@ -228,10 +228,10 @@ Usage: consul tls cert create [options] and all ACL tokens. Do not distribute them to production hosts that are not server nodes. Store them as securely as CA keys. ==> Using consul-agent-ca.pem and consul-agent-ca-key.pem - ==> Saved consul-server-dc1-0.pem - ==> Saved consul-server-dc1-0-key.pem + ==> Saved dc1-server-consul-0.pem + ==> Saved dc1-server-consul-0-key.pem $ consul tls cert -client ==> Using consul-agent-ca.pem and consul-agent-ca-key.pem - ==> Saved consul-client-dc1-0.pem - ==> Saved consul-client-dc1-0-key.pem + ==> Saved dc1-client-consul-0.pem + ==> Saved dc1-client-consul-0-key.pem ` diff --git a/command/tls/cert/tls_cert.go b/command/tls/cert/tls_cert.go index 57514ad87..c706f0c6f 100644 --- a/command/tls/cert/tls_cert.go +++ b/command/tls/cert/tls_cert.go @@ -35,14 +35,14 @@ Usage: consul tls cert [options] [filename-prefix] Create a certificate $ consul tls cert create -server - ==> saved consul-server-dc1.pem - ==> saved consul-server-dc1-key.pem + ==> saved dc1-server-consul.pem + ==> saved dc1-server-consul-key.pem Create a certificate with your own CA: $ consul tls cert create -server -ca-file my-ca.pem -ca-key-file my-ca-key.pem - ==> saved consul-server-dc1.pem - ==> saved consul-server-dc1-key.pem + ==> saved dc1-server-consul.pem + ==> saved dc1-server-consul-key.pem For more examples, ask for subcommand help or view the documentation. ` diff --git a/website/source/docs/commands/tls.html.md b/website/source/docs/commands/tls.html.md index 786d64631..72cd7565a 100644 --- a/website/source/docs/commands/tls.html.md +++ b/website/source/docs/commands/tls.html.md @@ -25,8 +25,8 @@ Create a client certificate: ```text $ consul tls cert create -client ==> Using consul-agent-ca.pem and consul-agent-ca-key.pem -==> Saved consul-client-dc1-0.pem -==> Saved consul-client-dc1-0-key.pem +==> Saved dc1-client-consul-0.pem +==> Saved dc1-client-consul-0-key.pem ``` For more examples, ask for subcommand help or view the subcommand documentation diff --git a/website/source/docs/commands/tls/cert.html.md.erb b/website/source/docs/commands/tls/cert.html.md.erb index 6188ac3cc..2d1f5607d 100644 --- a/website/source/docs/commands/tls/cert.html.md.erb +++ b/website/source/docs/commands/tls/cert.html.md.erb @@ -22,8 +22,8 @@ $ consul tls cert create -server and all ACL tokens. Do not distribute them to production hosts that are not server nodes. Store them as securely as CA keys. ==> Using consul-ca.pem and consul-ca-key.pem -==> Saved consul-server-dc1-0.pem -==> Saved consul-server-dc1-0-key.pem +==> Saved dc1-server-consul-0.pem +==> Saved dc1-server-consul-0-key.pem ``` Create a certificate for clients: @@ -67,4 +67,4 @@ Usage: `consul tls cert create [filename-prefix] [options]` - `-key=` - Provide path to the key -- `-server` - Generate server certificate \ No newline at end of file +- `-server` - Generate server certificate diff --git a/website/source/docs/guides/agent-encryption.html.md b/website/source/docs/guides/agent-encryption.html.md index 56ae7c0c9..6fd8f53c1 100644 --- a/website/source/docs/guides/agent-encryption.html.md +++ b/website/source/docs/guides/agent-encryption.html.md @@ -144,12 +144,12 @@ After TLS has been configured on all the agents, you can start the agents and RP "verify_outgoing": true, "verify_server_hostname": true, "ca_file": "consul-agent-ca.pem", - "cert_file": "consul-server-dc1-0.pem", - "key_file": "consul-server-dc1-0-key.pem" + "cert_file": "dc1-server-consul-0.pem", + "key_file": "dc1-server-consul-0-key.pem" } ``` -Note, for clients, the default `cert_file` and `key_file` will be named according to their cluster for. For example, `consul-client-dc1-0.pem`. +Note, for clients, the default `cert_file` and `key_file` will be named according to their cluster for. For example, `dc1-client-consul-0.pem`. The `verify_outgoing` parameter enables agents to verify the authenticity of Consul servers for outgoing connections. The `verify_server_hostname` parameter requires outgoing connections to perform hostname verification and is critically important to prevent compromised client agents from becoming servers and revealing all state to the attacker. Finally, the `verify_incoming` parameter enables the servers to verify the authenticity of all incoming connections. @@ -169,8 +169,8 @@ Enabling TLS on an existing cluster is supported. This process assumes a startin "verify_incoming": false, "verify_outgoing": false, "ca_file": "consul-agent-ca.pem", - "cert_file": "consul-server-dc1-0.pem", - "key_file": "consul-server-dc1-0-key.pem" + "cert_file": "dc1-server-consul-0.pem", + "key_file": "dc1-server-consul-0-key.pem" } ``` @@ -192,8 +192,8 @@ Next, perform a rolling restart of each agent in the cluster. After this step, T "verify_outgoing": true, "verify_server_hostname": true, "ca_file": "consul-agent-ca.pem", - "cert_file": "consul-server-dc1-0.pem", - "key_file": "consul-server-dc1-0-key.pem" + "cert_file": "dc1-server-consul-0.pem", + "key_file": "dc1-server-consul-0-key.pem" } ```