Made Easy-RSA config steps clearer.

2024-10-13 13:34:05 +00:00 · 2017-06-26 15:17:56 +02:00 · 2017-06-26 15:17:56 +02:00 · e91e3a79c4
commit e91e3a79c4
parent 3aab15d398
1 changed files with 13 additions and 8 deletions
--- a/docs/server/source/production-deployment-template/easy-rsa.rst
+++ b/docs/server/source/production-deployment-template/easy-rsa.rst
@ -66,12 +66,17 @@ The comments in the file explain what each of the variables mean.
   echo 'set_var EASYRSA_REQ_PROVINCE "Berlin"' >> vars
   echo 'set_var EASYRSA_REQ_CITY "Berlin"' >> vars
   echo 'set_var EASYRSA_REQ_ORG "BigchainDB GmbH"' >> vars
-   echo 'set_var EASYRSA_REQ_OU "IT"' >> vars
   echo 'set_var EASYRSA_REQ_EMAIL "dev@bigchaindb.com"' >> vars

-We follow the convention of modifying the OU to ``ROOT-CA``,
-``MongoDB-Instance``, ``BigchainDB-Instance``, ``MongoDB-Mon-Instance`` and
-``MongoDB-Backup-Instance`` while issuing certificates.
+We follow the convention of setting the OU to ``ROOT-CA``,
+``MongoDB-Instance``, ``BigchainDB-Instance``, ``MongoDB-Mon-Instance`` or
+``MongoDB-Backup-Instance`` as appropriate.
+Replace ``insert-name-here`` with the appropriate name
+(e.g. ``ROOT-CA``) in:
+
+.. code:: bash
+
+   echo 'set_var EASYRSA_REQ_OU "insert-name-here"' >> vars


 Step 4: Maybe Edit x509-types/server
@ -81,7 +86,7 @@ Step 4: Maybe Edit x509-types/server

   Only do this step if you are setting up a self-signed CA.

-Edit the file ``x509-types/server`` and change
-``extendedKeyUsage = serverAuth`` to 
-``extendedKeyUsage = serverAuth,clientAuth``.
-See `the MongoDB documentation about x.509 authentication <https://docs.mongodb.com/manual/core/security-x.509/>`_ to understand why.
+   Edit the file ``x509-types/server`` and change
+   ``extendedKeyUsage = serverAuth`` to
+   ``extendedKeyUsage = serverAuth,clientAuth``.
+   See `the MongoDB documentation about x.509 authentication <https://docs.mongodb.com/manual/core/security-x.509/>`_ to understand why.