Fix leftover statement about the CA's CN

When the documentation pointed to using just a self-signed certificate (with no CA), this was correct, however, as this changed, this statement should have been updated as well, as it now gives erronous advice about the CA's CN. Change-Id: I09394a66c787ec1f4c8c0db75a70b5dfd868ef26
2016-11-15 10:10:23 +02:00 · 2016-11-15 10:10:23 +02:00 · f301600bee
commit f301600bee
parent 77d1f714a1
1 changed files with 6 additions and 4 deletions
--- a/doc/source/advanced_deployment/ssl.rst
+++ b/doc/source/advanced_deployment/ssl.rst
@ -146,9 +146,9 @@ Certificate Details
       openssl genrsa -out overcloud-ca-privkey.pem 2048

   Generate a self-signed CA certificate.  This command will prompt for some
-   identifying information.  Most of the fields don't matter, but this
-   is where the Common Name must be set to the first IP in the external
-   network allocation pool::
+   identifying information.  Most of the fields don't matter, and the CN should
+   not be the same as the one we'll give the leaf certificate. You can choose a
+   CN for this such as "TripleO CA"::

       openssl req -new -x509 -key overcloud-ca-privkey.pem \
            -out overcloud-cacert.pem -days 365
@ -160,7 +160,9 @@ Certificate Details
       sudo update-ca-trust extract

   Generate the leaf certificate request and key that will be used for the
-   public VIP::
+   public VIP. Again, Most of the fields don't matter, but this is where the
+   Common Name must be set to the fixed IP in the external network allocation
+   pool::

       openssl req -newkey rsa:2048 -days 365 \
            -nodes -keyout server-key.pem -out server-req.pem