luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

fix typos

This commit is contained in:
Becca Petrin 2019-06-17 15:08:37 -07:00
parent a420b966bb
commit 1ca20773c2
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
website/source/docs/auth/pcf.html.md
View File

@ -15,10 +15,10 @@ At a high level, this works as follows:
1. You construct a request to Vault including your `CF_INSTANCE_CERT`, signed by your `CF_INSTANCE_KEY`.
2. Vault validates that the signature is no more than 5 minutes old, or 1 minute in the future.
3. Vault validates that the cert was issued by the CA certificate authority you've pre-configured.
3. Vault validates that the cert was issued by the CA certificate you've pre-configured.
4. Vault validates that the request was signed by the private key for the `CF_INSTANCE_CERT`.
5. Vault validates that the `CF_INSTANCE_CERT`'s shown application ID, space ID, and org ID presently exist.
6. If all checks pass, Vault issues a token with that appropriate scopes you have designated.
5. Vault validates that the `CF_INSTANCE_CERT` application ID, space ID, and org ID presently exist.
6. If all checks pass, Vault issues an appropriately-scoped token.
## Known Risks
@ -249,7 +249,7 @@ your behalf.
In testing we found that PCF instance identity CA certificates were set to expire in 3 years. Some
PCF docs indicate they expire every 4 years. However long they last, at some point you may need
to add another CA certificate - one that's soon to expire, and one that is currently or soon-to-by
to add another CA certificate - one that's soon to expire, and one that is currently or soon-to-be
valid.
```