config/deploy/certs cleanup

securitykiss-com · Apr 8, 2014 · 01de3e9 · 01de3e9
1 parent 0bb6796
commit 01de3e9
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 67 deletions.
diff --git a/config/certs/server.crt b/config/certs/server.crt
diff --git a/config/certs/server.csr b/config/certs/server.csr
diff --git a/config/certs/server.key b/config/certs/server.key
diff --git a/config/deploy/rfwgen b/config/deploy/rfwgen
@@ -75,7 +75,6 @@ if __name__ == '__main__':
         print usage()
         sys.exit(-1)
 
-    #TODO set umask and/or individual file permissions
     os.umask(0077)
 
     server_dir = 'server_{}'.format(server_ip)

diff --git a/config/certs/gen_certs.sh → config/notes/gen_certs.sh b/config/certs/gen_certs.sh → config/notes/gen_certs.sh
@@ -1,8 +1,10 @@
 #!/usr/bin/env sh
 
+# Here are notes on creating certs and CA
 
 #################################
-# For now we create the self-signed cert as per:
+# 1. Self-signed cert
+#################################
 # https://devcenter.heroku.com/articles/ssl-certificate-self
 
 # Generate private key and certificate signing request
@@ -17,9 +19,9 @@ openssl x509 -req -days 3653 -in server.csr -signkey server.key -out server.crt
 
 
 #################################
-# In the future automate creating single CA and sign certs for every server.
+# 2. Create CA and sign certs
+#################################
 # See http://blog.didierstevens.com/2008/12/30/howto-make-your-own-cert-with-openssl/
-# Here is the procedure
 
 # generate a 4096-bit long RSA key for the root CA if does not exist
 openssl genrsa -out ca.key 4096