docs: fix filenames (#7453)
This commit is contained in:
parent
9e8eb7896f
commit
672db9bef6
|
@ -228,10 +228,10 @@ Usage: consul tls cert create [options]
|
||||||
and all ACL tokens. Do not distribute them to production hosts
|
and all ACL tokens. Do not distribute them to production hosts
|
||||||
that are not server nodes. Store them as securely as CA keys.
|
that are not server nodes. Store them as securely as CA keys.
|
||||||
==> Using consul-agent-ca.pem and consul-agent-ca-key.pem
|
==> Using consul-agent-ca.pem and consul-agent-ca-key.pem
|
||||||
==> Saved consul-server-dc1-0.pem
|
==> Saved dc1-server-consul-0.pem
|
||||||
==> Saved consul-server-dc1-0-key.pem
|
==> Saved dc1-server-consul-0-key.pem
|
||||||
$ consul tls cert -client
|
$ consul tls cert -client
|
||||||
==> Using consul-agent-ca.pem and consul-agent-ca-key.pem
|
==> Using consul-agent-ca.pem and consul-agent-ca-key.pem
|
||||||
==> Saved consul-client-dc1-0.pem
|
==> Saved dc1-client-consul-0.pem
|
||||||
==> Saved consul-client-dc1-0-key.pem
|
==> Saved dc1-client-consul-0-key.pem
|
||||||
`
|
`
|
||||||
|
|
|
@ -35,14 +35,14 @@ Usage: consul tls cert <subcommand> [options] [filename-prefix]
|
||||||
Create a certificate
|
Create a certificate
|
||||||
|
|
||||||
$ consul tls cert create -server
|
$ consul tls cert create -server
|
||||||
==> saved consul-server-dc1.pem
|
==> saved dc1-server-consul.pem
|
||||||
==> saved consul-server-dc1-key.pem
|
==> saved dc1-server-consul-key.pem
|
||||||
|
|
||||||
Create a certificate with your own CA:
|
Create a certificate with your own CA:
|
||||||
|
|
||||||
$ consul tls cert create -server -ca-file my-ca.pem -ca-key-file my-ca-key.pem
|
$ consul tls cert create -server -ca-file my-ca.pem -ca-key-file my-ca-key.pem
|
||||||
==> saved consul-server-dc1.pem
|
==> saved dc1-server-consul.pem
|
||||||
==> saved consul-server-dc1-key.pem
|
==> saved dc1-server-consul-key.pem
|
||||||
|
|
||||||
For more examples, ask for subcommand help or view the documentation.
|
For more examples, ask for subcommand help or view the documentation.
|
||||||
`
|
`
|
||||||
|
|
|
@ -25,8 +25,8 @@ Create a client certificate:
|
||||||
```text
|
```text
|
||||||
$ consul tls cert create -client
|
$ consul tls cert create -client
|
||||||
==> Using consul-agent-ca.pem and consul-agent-ca-key.pem
|
==> Using consul-agent-ca.pem and consul-agent-ca-key.pem
|
||||||
==> Saved consul-client-dc1-0.pem
|
==> Saved dc1-client-consul-0.pem
|
||||||
==> Saved consul-client-dc1-0-key.pem
|
==> Saved dc1-client-consul-0-key.pem
|
||||||
```
|
```
|
||||||
|
|
||||||
For more examples, ask for subcommand help or view the subcommand documentation
|
For more examples, ask for subcommand help or view the subcommand documentation
|
||||||
|
|
|
@ -22,8 +22,8 @@ $ consul tls cert create -server
|
||||||
and all ACL tokens. Do not distribute them to production hosts
|
and all ACL tokens. Do not distribute them to production hosts
|
||||||
that are not server nodes. Store them as securely as CA keys.
|
that are not server nodes. Store them as securely as CA keys.
|
||||||
==> Using consul-ca.pem and consul-ca-key.pem
|
==> Using consul-ca.pem and consul-ca-key.pem
|
||||||
==> Saved consul-server-dc1-0.pem
|
==> Saved dc1-server-consul-0.pem
|
||||||
==> Saved consul-server-dc1-0-key.pem
|
==> Saved dc1-server-consul-0-key.pem
|
||||||
```
|
```
|
||||||
|
|
||||||
Create a certificate for clients:
|
Create a certificate for clients:
|
||||||
|
|
|
@ -144,12 +144,12 @@ After TLS has been configured on all the agents, you can start the agents and RP
|
||||||
"verify_outgoing": true,
|
"verify_outgoing": true,
|
||||||
"verify_server_hostname": true,
|
"verify_server_hostname": true,
|
||||||
"ca_file": "consul-agent-ca.pem",
|
"ca_file": "consul-agent-ca.pem",
|
||||||
"cert_file": "consul-server-dc1-0.pem",
|
"cert_file": "dc1-server-consul-0.pem",
|
||||||
"key_file": "consul-server-dc1-0-key.pem"
|
"key_file": "dc1-server-consul-0-key.pem"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
Note, for clients, the default `cert_file` and `key_file` will be named according to their cluster for. For example, `consul-client-dc1-0.pem`.
|
Note, for clients, the default `cert_file` and `key_file` will be named according to their cluster for. For example, `dc1-client-consul-0.pem`.
|
||||||
|
|
||||||
The `verify_outgoing` parameter enables agents to verify the authenticity of Consul servers for outgoing connections. The `verify_server_hostname` parameter requires outgoing connections to perform hostname verification and is critically important to prevent compromised client agents from becoming servers and revealing all state to the attacker. Finally, the `verify_incoming` parameter enables the servers to verify the authenticity of all incoming connections.
|
The `verify_outgoing` parameter enables agents to verify the authenticity of Consul servers for outgoing connections. The `verify_server_hostname` parameter requires outgoing connections to perform hostname verification and is critically important to prevent compromised client agents from becoming servers and revealing all state to the attacker. Finally, the `verify_incoming` parameter enables the servers to verify the authenticity of all incoming connections.
|
||||||
|
|
||||||
|
@ -169,8 +169,8 @@ Enabling TLS on an existing cluster is supported. This process assumes a startin
|
||||||
"verify_incoming": false,
|
"verify_incoming": false,
|
||||||
"verify_outgoing": false,
|
"verify_outgoing": false,
|
||||||
"ca_file": "consul-agent-ca.pem",
|
"ca_file": "consul-agent-ca.pem",
|
||||||
"cert_file": "consul-server-dc1-0.pem",
|
"cert_file": "dc1-server-consul-0.pem",
|
||||||
"key_file": "consul-server-dc1-0-key.pem"
|
"key_file": "dc1-server-consul-0-key.pem"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -192,8 +192,8 @@ Next, perform a rolling restart of each agent in the cluster. After this step, T
|
||||||
"verify_outgoing": true,
|
"verify_outgoing": true,
|
||||||
"verify_server_hostname": true,
|
"verify_server_hostname": true,
|
||||||
"ca_file": "consul-agent-ca.pem",
|
"ca_file": "consul-agent-ca.pem",
|
||||||
"cert_file": "consul-server-dc1-0.pem",
|
"cert_file": "dc1-server-consul-0.pem",
|
||||||
"key_file": "consul-server-dc1-0-key.pem"
|
"key_file": "dc1-server-consul-0-key.pem"
|
||||||
}
|
}
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
Loading…
Reference in a new issue