SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00
Code Issues Releases Activity Actions

Apply automatic changes

Browse source
This commit is contained in:
bernhardreiter bernhardreiter@users.noreply.github.com 2022-05-16 13:21:19 +00:00
parent 5577a0b088
commit 6b377bb421
3 changed files with 27 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

8
docs/development-ca.md
View file

@ -41,7 +41,7 @@ certtool --generate-self-signed --load-privkey rootca-key.pem --outfile rootca-c
<!-- MARKDOWN-AUTO-DOCS:START (CODE:src=../docs/scripts/createWebserverCertForITest.sh&lines=11-55) --> <!-- MARKDOWN-AUTO-DOCS:START (CODE:src=../docs/scripts/createWebserverCertForITest.sh&lines=11-55) -->
<!-- The below code snippet is automatically added from ../docs/scripts/createWebserverCertForITest.sh --> <!-- The below code snippet is automatically added from ../docs/scripts/createWebserverCertForITest.sh -->
```sh ```sh
cd ~/${FOLDERNAME} pushd ~/${FOLDERNAME}
certtool --generate-privkey --outfile testserver-key.pem certtool --generate-privkey --outfile testserver-key.pem
@ -66,12 +66,14 @@ certtool --generate-certificate --load-privkey testserver-key.pem --outfile test
cat testserver.crt rootca-cert.pem >bundle.crt cat testserver.crt rootca-cert.pem >bundle.crt
SSL_CERTIFICATE=$( export SSL_CERTIFICATE=$(
echo "$PWD/bundle.crt" echo "$PWD/bundle.crt"
) )
SSL_CERTIFICATE_KEY=$( export SSL_CERTIFICATE_KEY=$(
echo "$PWD/testserver-key.pem" echo "$PWD/testserver-key.pem"
) )
popd
``` ```
<!-- MARKDOWN-AUTO-DOCS:END --> <!-- MARKDOWN-AUTO-DOCS:END -->

4
docs/install-server-certificate.md
View file

@ -50,13 +50,11 @@ finds your your private key and the certificate chain.
<!-- MARKDOWN-AUTO-DOCS:START (CODE:src=../docs/scripts/TLSConfigsForITest.sh&lines=31-37) --> <!-- MARKDOWN-AUTO-DOCS:START (CODE:src=../docs/scripts/TLSConfigsForITest.sh&lines=31-37) -->
<!-- The below code snippet is automatically added from ../docs/scripts/TLSConfigsForITest.sh --> <!-- The below code snippet is automatically added from ../docs/scripts/TLSConfigsForITest.sh -->
```sh ```sh
listen 443 ssl default_server; # ipv4
listen [::]:443 ssl http2 default_server; # ipv6
ssl_certificate '${SSL_CERTIFICATE}'; # e.g. ssl_certificate /etc/ssl/csaf/bundle.crt ssl_certificate '${SSL_CERTIFICATE}'; # e.g. ssl_certificate /etc/ssl/csaf/bundle.crt
ssl_certificate_key '${SSL_CERTIFICATE_KEY}'; # e.g. ssl_certificate_key /etc/ssl/csaf/testserver-key.pem; ssl_certificate_key '${SSL_CERTIFICATE_KEY}'; # e.g. ssl_certificate_key /etc/ssl/csaf/testserver-key.pem;
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
' > ~/${FOLDERNAME}/TLSConfigs.txt
``` ```
<!-- MARKDOWN-AUTO-DOCS:END --> <!-- MARKDOWN-AUTO-DOCS:END -->

21
docs/provider-setup.md
View file

@ -120,6 +120,27 @@ This needs to set the `password` option in `config.toml`.
To let nginx resolves the DNS record `csaf.data.security.domain.tld` to fulfill the [Requirement 10](https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.html#7110-requirement-10-dns-path) configure a new server block (virtual host) in a separated file under `/etc/nginx/available-sites/{DNSNAME}` like following: To let nginx resolves the DNS record `csaf.data.security.domain.tld` to fulfill the [Requirement 10](https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.html#7110-requirement-10-dns-path) configure a new server block (virtual host) in a separated file under `/etc/nginx/available-sites/{DNSNAME}` like following:
<!-- MARKDOWN-AUTO-DOCS:START (CODE:src=../docs/scripts/DNSConfigForItest.sh&lines=18-35) --> <!-- MARKDOWN-AUTO-DOCS:START (CODE:src=../docs/scripts/DNSConfigForItest.sh&lines=18-35) -->
<!-- The below code snippet is automatically added from ../docs/scripts/DNSConfigForItest.sh -->
```sh
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate '${SSL_CERTIFICATE}'; # e.g. ssl_certificate /etc/ssl/csaf/bundle.crt
ssl_certificate_key '${SSL_CERTIFICATE_KEY}'; # e.g. ssl_certificate_key /etc/ssl/csaf/testserver-key.pem;
root /var/www/html;
server_name ${DNS_NAME}; # e.g. server_name csaf.data.security.domain.tld;
location / {
try_files /.well-known/csaf/provider-metadata.json =404;
}
access_log /var/log/nginx/dns-domain_access.log;
error_log /var/log/nginx/dns-domain_error.log;
}
```
<!-- MARKDOWN-AUTO-DOCS:END --> <!-- MARKDOWN-AUTO-DOCS:END -->
Then create a symbolic link to enable the new server block: Then create a symbolic link to enable the new server block: