mirror of
https://github.com/planetmint/planetmint.git
synced 2025-11-24 14:35:45 +00:00
99 lines
3.2 KiB
ReStructuredText
.. Copyright © 2020 Interplanetary Database Association e.V.,
   Planetmint and IPDB software contributors.
   SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0)
   Code is Apache-2.0 and docs are CC-BY-4.0

.. _how-to-install-and-configure-easyrsa:

How to Install & Configure Easy-RSA
===================================

We use
`Easy-RSA version 3
<https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto>`_, a
wrapper over complex ``openssl`` commands.
`Easy-RSA is available on GitHub <https://github.com/OpenVPN/easy-rsa/releases>`_ and licensed under GPLv2.


Step 1: Install Easy-RSA Dependencies
-------------------------------------

The only dependency for Easy-RSA v3 is ``openssl``,
which is available from the ``openssl`` package on Ubuntu and other
Debian-based operating systems. You can install it using:

.. code:: bash

   sudo apt-get update

   sudo apt-get install openssl


Step 2: Install Easy-RSA
------------------------

Make sure you're in the directory where you want Easy-RSA to live,
then download it and extract it within that directory:

.. code:: bash

   wget https://github.com/OpenVPN/easy-rsa/archive/3.0.1.tar.gz

   tar xzvf 3.0.1.tar.gz

   rm 3.0.1.tar.gz

There should now be a directory named ``easy-rsa-3.0.1``
in your current directory.


Step 3: Customize the Easy-RSA Configuration
--------------------------------------------

We now create a config file named ``vars``
by copying the existing ``vars.example`` file
and then editing it.
You should change the
country, province, city, org and email
to the correct values for your organisation.
(Note: The country, province, city, org and email are part of
the `Distinguished Name <https://en.wikipedia.org/wiki/X.509#Certificates>`_ (DN).)
The comments in the file explain what each of the variables means.

.. code:: bash

   cd easy-rsa-3.0.1/easyrsa3

   cp vars.example vars

   # Use the full organisational DN and 4096-bit keys
   echo 'set_var EASYRSA_DN "org"' >> vars
   echo 'set_var EASYRSA_KEY_SIZE 4096' >> vars

   # DN fields: replace these with the values for your organisation
   echo 'set_var EASYRSA_REQ_COUNTRY "DE"' >> vars
   echo 'set_var EASYRSA_REQ_PROVINCE "Berlin"' >> vars
   echo 'set_var EASYRSA_REQ_CITY "Berlin"' >> vars
   echo 'set_var EASYRSA_REQ_ORG "Planetmint GmbH"' >> vars
   echo 'set_var EASYRSA_REQ_OU "IT"' >> vars
   echo 'set_var EASYRSA_REQ_EMAIL "contact@ipdb.global"' >> vars

Note: Later, when building a CA or generating a certificate signing request, you will be prompted to enter a value for the OU (or to accept the default). You should change the default OU from ``IT`` to one of the following, as appropriate:
``ROOT-CA``,
``MongoDB-Instance``, ``Planetmint-Instance``, ``MongoDB-Mon-Instance`` or
``MongoDB-Backup-Instance``.
To understand why, see `the MongoDB Manual <https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/>`_.
There are reminders to do this in the relevant docs.


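Because Step 3 appends lines to a copy of ``vars.example``, it is worth confirming which values are actually in effect before building a CA. The following check is an added example, not part of the Planetmint docs or of Easy-RSA; the function names are hypothetical, the sample file is constructed, and the 4096 threshold is simply the value used in Step 3.

```shell
#!/usr/bin/env bash
# Added example: lint the "vars" file from Step 3 (helper names are hypothetical).

# Effective value of a set_var variable. Step 3 appends to a copy of
# vars.example, so the last uncommented assignment is the one that counts.
vars_get() {  # usage: vars_get FILE NAME
    awk -v name="$2" '
        $1 == "set_var" && $2 == name {
            v = $0
            sub(/^[ \t]*set_var[ \t]+[^ \t]+[ \t]+/, "", v)
            if (v ~ /^"/) { sub(/^"/, "", v); sub(/".*$/, "", v) }  # quoted value
            else          { sub(/[ \t].*$/, "", v) }                 # bare token
            val = v
        }
        END { print val }' "$1"
}

# Print one finding per problem; return 1 if there was any.
check_vars() {  # usage: check_vars FILE
    local file=$1 rc=0 size name
    [ "$(vars_get "$file" EASYRSA_DN)" = "org" ] ||
        { echo "EASYRSA_DN is not \"org\"; the REQ_* fields would be left out of the DN"; rc=1; }
    size=$(vars_get "$file" EASYRSA_KEY_SIZE)
    case $size in ''|*[!0-9]*) size=0 ;; esac   # missing or non-numeric
    [ "$size" -ge 4096 ] || { echo "EASYRSA_KEY_SIZE is below 4096"; rc=1; }
    for name in COUNTRY PROVINCE CITY ORG OU EMAIL; do
        [ -n "$(vars_get "$file" "EASYRSA_REQ_$name")" ] ||
            { echo "EASYRSA_REQ_$name is not set"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: commented defaults in the style of vars.example,
# followed by only some of the lines Step 3 appends.
write_sample_vars() {  # usage: write_sample_vars FILE
    cat > "$1" <<'EOF'
#set_var EASYRSA_DN "cn_only"
#set_var EASYRSA_KEY_SIZE 2048
set_var EASYRSA_DN "org"
set_var EASYRSA_KEY_SIZE 4096
set_var EASYRSA_REQ_COUNTRY "DE"
set_var EASYRSA_REQ_ORG "Planetmint GmbH"
EOF
}
```

Run ``check_vars vars`` from the ``easyrsa3`` directory; on the constructed sample it reports the four ``EASYRSA_REQ_*`` fields that were never appended.
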
Step 4: Maybe Edit x509-types/server
------------------------------------

.. warning::

   Only do this step if you are setting up a self-signed CA.

Edit the file ``x509-types/server`` and change
``extendedKeyUsage = serverAuth`` to
``extendedKeyUsage = serverAuth,clientAuth``.
See `the MongoDB documentation about x.509 authentication <https://docs.mongodb.com/manual/core/security-x.509/>`_ to understand why.
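
A hand edit of ``x509-types/server`` is easy to apply twice or to miss. The following is an added example (not from the Planetmint docs or Easy-RSA) that makes the Step 4 change idempotent and verifies the result; the function names are hypothetical and the sample file is constructed in the style of the shipped ``server`` type file.

```shell
#!/usr/bin/env bash
# Added example: apply the Step 4 edit once and verify it (names are hypothetical).

# True if the active extendedKeyUsage line lists both serverAuth and clientAuth.
has_both_eku() {  # usage: has_both_eku FILE
    awk -F= '
        /^[ \t]*extendedKeyUsage[ \t]*=/ {
            n = split($2, u, ",")
            for (i = 1; i <= n; i++) { gsub(/[ \t]/, "", u[i]); seen[u[i]] = 1 }
        }
        END { exit !(("serverAuth" in seen) && ("clientAuth" in seen)) }' "$1"
}

enable_client_auth() {  # usage: enable_client_auth FILE
    has_both_eku "$1" && return 0     # already edited: leave the file untouched
    cp -p "$1" "$1.orig"              # keep the shipped file for comparison
    sed 's/^\([[:space:]]*extendedKeyUsage[[:space:]]*=[[:space:]]*\)serverAuth[[:space:]]*$/\1serverAuth,clientAuth/' \
        "$1.orig" > "$1"
    has_both_eku "$1"                 # non-zero if the expected line was not found
}

# Constructed sample in the style of x509-types/server.
write_sample_server_type() {  # usage: write_sample_server_type FILE
    cat > "$1" <<'EOF'
# X509 extensions for a server

basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage = serverAuth
keyUsage = digitalSignature,keyEncipherment
EOF
}
```

After signing a server certificate, ``openssl x509 -in pki/issued/NAME.crt -noout -text`` (``NAME`` is a placeholder) should list both usages under ``X509v3 Extended Key Usage``.
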