luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

docs: fix filenames (#7453)

This commit is contained in:
Hans Hasselberg 2020-03-17 21:00:45 +01:00 committed by GitHub
parent 9e8eb7896f
commit 672db9bef6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 20 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
command/tls/cert/create/tls_cert_create.go
View File

@ -228,10 +228,10 @@ Usage: consul tls cert create [options]
and all ACL tokens. Do not distribute them to production hosts and all ACL tokens. Do not distribute them to production hosts
that are not server nodes. Store them as securely as CA keys. that are not server nodes. Store them as securely as CA keys.
==> Using consul-agent-ca.pem and consul-agent-ca-key.pem ==> Using consul-agent-ca.pem and consul-agent-ca-key.pem
==> Saved consul-server-dc1-0.pem ==> Saved dc1-server-consul-0.pem
==> Saved consul-server-dc1-0-key.pem ==> Saved dc1-server-consul-0-key.pem
$ consul tls cert -client $ consul tls cert -client
==> Using consul-agent-ca.pem and consul-agent-ca-key.pem ==> Using consul-agent-ca.pem and consul-agent-ca-key.pem
==> Saved consul-client-dc1-0.pem ==> Saved dc1-client-consul-0.pem
==> Saved consul-client-dc1-0-key.pem ==> Saved dc1-client-consul-0-key.pem
` `

8
command/tls/cert/tls_cert.go
View File

@ -35,14 +35,14 @@ Usage: consul tls cert <subcommand> [options] [filename-prefix]
Create a certificate Create a certificate
$ consul tls cert create -server $ consul tls cert create -server
==> saved consul-server-dc1.pem ==> saved dc1-server-consul.pem
==> saved consul-server-dc1-key.pem ==> saved dc1-server-consul-key.pem
Create a certificate with your own CA: Create a certificate with your own CA:
$ consul tls cert create -server -ca-file my-ca.pem -ca-key-file my-ca-key.pem $ consul tls cert create -server -ca-file my-ca.pem -ca-key-file my-ca-key.pem
==> saved consul-server-dc1.pem ==> saved dc1-server-consul.pem
==> saved consul-server-dc1-key.pem ==> saved dc1-server-consul-key.pem
For more examples, ask for subcommand help or view the documentation. For more examples, ask for subcommand help or view the documentation.
` `

4
website/source/docs/commands/tls.html.md
View File

@ -25,8 +25,8 @@ Create a client certificate:
```text ```text
$ consul tls cert create -client $ consul tls cert create -client
==> Using consul-agent-ca.pem and consul-agent-ca-key.pem ==> Using consul-agent-ca.pem and consul-agent-ca-key.pem
==> Saved consul-client-dc1-0.pem ==> Saved dc1-client-consul-0.pem
==> Saved consul-client-dc1-0-key.pem ==> Saved dc1-client-consul-0-key.pem
``` ```
For more examples, ask for subcommand help or view the subcommand documentation For more examples, ask for subcommand help or view the subcommand documentation

4
website/source/docs/commands/tls/cert.html.md.erb
View File

@ -22,8 +22,8 @@ $ consul tls cert create -server
and all ACL tokens. Do not distribute them to production hosts and all ACL tokens. Do not distribute them to production hosts
that are not server nodes. Store them as securely as CA keys. that are not server nodes. Store them as securely as CA keys.
==> Using consul-ca.pem and consul-ca-key.pem ==> Using consul-ca.pem and consul-ca-key.pem
==> Saved consul-server-dc1-0.pem ==> Saved dc1-server-consul-0.pem
==> Saved consul-server-dc1-0-key.pem ==> Saved dc1-server-consul-0-key.pem
``` ```
Create a certificate for clients: Create a certificate for clients:

14
website/source/docs/guides/agent-encryption.html.md
View File

@ -144,12 +144,12 @@ After TLS has been configured on all the agents, you can start the agents and RP
"verify_outgoing": true, "verify_outgoing": true,
"verify_server_hostname": true, "verify_server_hostname": true,
"ca_file": "consul-agent-ca.pem", "ca_file": "consul-agent-ca.pem",
"cert_file": "consul-server-dc1-0.pem", "cert_file": "dc1-server-consul-0.pem",
"key_file": "consul-server-dc1-0-key.pem" "key_file": "dc1-server-consul-0-key.pem"
} }
``` ```
Note, for clients, the default `cert_file` and `key_file` will be named according to their cluster for. For example, `consul-client-dc1-0.pem`. Note, for clients, the default `cert_file` and `key_file` will be named according to their cluster for. For example, `dc1-client-consul-0.pem`.
The `verify_outgoing` parameter enables agents to verify the authenticity of Consul servers for outgoing connections. The `verify_server_hostname` parameter requires outgoing connections to perform hostname verification and is critically important to prevent compromised client agents from becoming servers and revealing all state to the attacker. Finally, the `verify_incoming` parameter enables the servers to verify the authenticity of all incoming connections. The `verify_outgoing` parameter enables agents to verify the authenticity of Consul servers for outgoing connections. The `verify_server_hostname` parameter requires outgoing connections to perform hostname verification and is critically important to prevent compromised client agents from becoming servers and revealing all state to the attacker. Finally, the `verify_incoming` parameter enables the servers to verify the authenticity of all incoming connections.
@ -169,8 +169,8 @@ Enabling TLS on an existing cluster is supported. This process assumes a startin
"verify_incoming": false, "verify_incoming": false,
"verify_outgoing": false, "verify_outgoing": false,
"ca_file": "consul-agent-ca.pem", "ca_file": "consul-agent-ca.pem",
"cert_file": "consul-server-dc1-0.pem", "cert_file": "dc1-server-consul-0.pem",
"key_file": "consul-server-dc1-0-key.pem" "key_file": "dc1-server-consul-0-key.pem"
} }
``` ```
@ -192,8 +192,8 @@ Next, perform a rolling restart of each agent in the cluster. After this step, T
"verify_outgoing": true, "verify_outgoing": true,
"verify_server_hostname": true, "verify_server_hostname": true,
"ca_file": "consul-agent-ca.pem", "ca_file": "consul-agent-ca.pem",
"cert_file": "consul-server-dc1-0.pem", "cert_file": "dc1-server-consul-0.pem",
"key_file": "consul-server-dc1-0-key.pem" "key_file": "dc1-server-consul-0-key.pem"
} }
``` ```