mirror of https://github.com/hashicorp/consul
docs: fix filenames (#7453)
parent
bef693df9c
commit
bf6a91af94
|
@ -228,10 +228,10 @@ Usage: consul tls cert create [options]
|
|||
and all ACL tokens. Do not distribute them to production hosts
|
||||
that are not server nodes. Store them as securely as CA keys.
|
||||
==> Using consul-agent-ca.pem and consul-agent-ca-key.pem
|
||||
==> Saved consul-server-dc1-0.pem
|
||||
==> Saved consul-server-dc1-0-key.pem
|
||||
==> Saved dc1-server-consul-0.pem
|
||||
==> Saved dc1-server-consul-0-key.pem
|
||||
$ consul tls cert -client
|
||||
==> Using consul-agent-ca.pem and consul-agent-ca-key.pem
|
||||
==> Saved consul-client-dc1-0.pem
|
||||
==> Saved consul-client-dc1-0-key.pem
|
||||
==> Saved dc1-client-consul-0.pem
|
||||
==> Saved dc1-client-consul-0-key.pem
|
||||
`
|
||||
|
|
|
@ -35,14 +35,14 @@ Usage: consul tls cert <subcommand> [options] [filename-prefix]
|
|||
Create a certificate
|
||||
|
||||
$ consul tls cert create -server
|
||||
==> saved consul-server-dc1.pem
|
||||
==> saved consul-server-dc1-key.pem
|
||||
==> saved dc1-server-consul.pem
|
||||
==> saved dc1-server-consul-key.pem
|
||||
|
||||
Create a certificate with your own CA:
|
||||
|
||||
$ consul tls cert create -server -ca-file my-ca.pem -ca-key-file my-ca-key.pem
|
||||
==> saved consul-server-dc1.pem
|
||||
==> saved consul-server-dc1-key.pem
|
||||
==> saved dc1-server-consul.pem
|
||||
==> saved dc1-server-consul-key.pem
|
||||
|
||||
For more examples, ask for subcommand help or view the documentation.
|
||||
`
|
||||
|
|
|
@ -25,8 +25,8 @@ Create a client certificate:
|
|||
```text
|
||||
$ consul tls cert create -client
|
||||
==> Using consul-agent-ca.pem and consul-agent-ca-key.pem
|
||||
==> Saved consul-client-dc1-0.pem
|
||||
==> Saved consul-client-dc1-0-key.pem
|
||||
==> Saved dc1-client-consul-0.pem
|
||||
==> Saved dc1-client-consul-0-key.pem
|
||||
```
|
||||
|
||||
For more examples, ask for subcommand help or view the subcommand documentation
|
||||
|
|
|
@ -22,8 +22,8 @@ $ consul tls cert create -server
|
|||
and all ACL tokens. Do not distribute them to production hosts
|
||||
that are not server nodes. Store them as securely as CA keys.
|
||||
==> Using consul-ca.pem and consul-ca-key.pem
|
||||
==> Saved consul-server-dc1-0.pem
|
||||
==> Saved consul-server-dc1-0-key.pem
|
||||
==> Saved dc1-server-consul-0.pem
|
||||
==> Saved dc1-server-consul-0-key.pem
|
||||
```
|
||||
|
||||
Create a certificate for clients:
|
||||
|
@ -67,4 +67,4 @@ Usage: `consul tls cert create [filename-prefix] [options]`
|
|||
|
||||
- `-key=<string>` - Provide path to the key
|
||||
|
||||
- `-server` - Generate server certificate
|
||||
- `-server` - Generate server certificate
|
||||
|
|
|
@ -144,12 +144,12 @@ After TLS has been configured on all the agents, you can start the agents and RP
|
|||
"verify_outgoing": true,
|
||||
"verify_server_hostname": true,
|
||||
"ca_file": "consul-agent-ca.pem",
|
||||
"cert_file": "consul-server-dc1-0.pem",
|
||||
"key_file": "consul-server-dc1-0-key.pem"
|
||||
"cert_file": "dc1-server-consul-0.pem",
|
||||
"key_file": "dc1-server-consul-0-key.pem"
|
||||
}
|
||||
```
|
||||
|
||||
Note, for clients, the default `cert_file` and `key_file` will be named according to their cluster for. For example, `consul-client-dc1-0.pem`.
|
||||
Note, for clients, the default `cert_file` and `key_file` will be named according to their cluster for. For example, `dc1-client-consul-0.pem`.
|
||||
|
||||
The `verify_outgoing` parameter enables agents to verify the authenticity of Consul servers for outgoing connections. The `verify_server_hostname` parameter requires outgoing connections to perform hostname verification and is critically important to prevent compromised client agents from becoming servers and revealing all state to the attacker. Finally, the `verify_incoming` parameter enables the servers to verify the authenticity of all incoming connections.
|
||||
|
||||
|
@ -169,8 +169,8 @@ Enabling TLS on an existing cluster is supported. This process assumes a startin
|
|||
"verify_incoming": false,
|
||||
"verify_outgoing": false,
|
||||
"ca_file": "consul-agent-ca.pem",
|
||||
"cert_file": "consul-server-dc1-0.pem",
|
||||
"key_file": "consul-server-dc1-0-key.pem"
|
||||
"cert_file": "dc1-server-consul-0.pem",
|
||||
"key_file": "dc1-server-consul-0-key.pem"
|
||||
}
|
||||
```
|
||||
|
||||
|
@ -192,8 +192,8 @@ Next, perform a rolling restart of each agent in the cluster. After this step, T
|
|||
"verify_outgoing": true,
|
||||
"verify_server_hostname": true,
|
||||
"ca_file": "consul-agent-ca.pem",
|
||||
"cert_file": "consul-server-dc1-0.pem",
|
||||
"key_file": "consul-server-dc1-0-key.pem"
|
||||
"cert_file": "dc1-server-consul-0.pem",
|
||||
"key_file": "dc1-server-consul-0-key.pem"
|
||||
}
|
||||
|
||||
```
|
||||
|
|
Loading…
Reference in New Issue