SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 18:15:42 +01:00
Code Issues Releases Activity Actions

Improve client cert setup instructions

Browse source 
* Add hint that the used client certification is logged by default
   when accessing the upload interface of the provider.

resolve #99
This commit is contained in:
Bernhard Reiter 2022-04-13 17:59:16 +02:00
parent 2fbe0fed7e
commit d82be5c69e
No known key found for this signature in database
GPG key ID: 2B7BA3BF9BC3A554
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
docs/client-certificate-setup.md
View file

@ -47,6 +47,11 @@ within the `csaf_provider`.
To inspect the precise string of certain certificate, try it and To inspect the precise string of certain certificate, try it and
check the logged value in the nginx log file, e.g. `/var/log/nginx/error.log`. check the logged value in the nginx log file, e.g. `/var/log/nginx/error.log`.
The *used personal client certificate will be logged by default*,
when accessing the csaf_provider uploading interface.
It is written to the nginx error log together with the connection information.
This is for auditing who did uploads.
Reload or restart nginx to apply the changes (e.g. `systemctl reload nginx` Reload or restart nginx to apply the changes (e.g. `systemctl reload nginx`
on Debian or Ubuntu.) on Debian or Ubuntu.)