openstack/anchor
Code Issues Proposed changes

Force a recent hash in examples

Browse Source 
On some systems openssl still defaults to sha1 in new certificate requests,
which is rejected by Anchor. Force sha256 in all examples instead.

Change-Id: I0c673392c7f6badd7d66c307ace594b1d711674d
This commit is contained in:
Stanisław Pitucha 2016-05-06 16:27:01 +10:00
parent e585255333
commit 6fdb9be69e
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.rst
View File

@ -93,14 +93,15 @@ can be done to create a test CA. The test certificate can be then used
to sign the new certificates.
openssl req -out CA/root-ca.crt -keyout CA/root-ca-unwrapped.key \
-newkey rsa:4096 -subj "/CN=Anchor Test CA" -nodes -x509 -days 365
-newkey rsa:4096 -subj "/CN=Anchor Test CA" -nodes -x509 -days 365 \
-sha256
chmod 0400 CA/root-ca-unwrapped.key
Next, a new certificate request may be generated:
openssl req -out anchor-test.example.com.csr -nodes \
-keyout anchor-test.example.com.key -newkey rsa:2048 \
-subj "/CN=anchor-test.example.com"
-subj "/CN=anchor-test.example.com" -sha256
That reqest can be submitted using curl (while `pecan serve config.py`
is running):