ref: cd1334019c5f2b8b63abca6bebc7e71d4b0e763a
parent: 731c595e710002bd1b1b56404a1cf24b44f9a30d
author: Aaron Lin <jrmu@inter9.org>
date: Tue Dec 31 17:56:53 EST 2024
Add example.com.key to factotum and set the role to client
--- a/acmed.ms
+++ b/acmed.ms
@@ -10,21 +10,22 @@
cpu% auth/rsa2jwk username@example.com.key > /sys/lib/tls/acmed/username@example.com.pub
-We store our private key into secstore, then factotum:
+We next generate a private key for the host, and set the proper file permissions,
+and copy it into /sys/lib/tls/acmed/:
+cpu% auth/rsagen -t 'service=tls role=client owner=*' > example.com.key
+cpu% chmod 600 username@example.com.key example.com.key
+cpu% cp username@example.com.key example.com.key /sys/lib/tls/acmed/
+
+We store our keys into secstore, then factotum:
+
cpu% auth/secstore -g factotum
secstore password:
cpu% cat username@example.com.key >> factotum
+cpu% cat example.com.key >> factotum
cpu% auth/secstore -v -p factotum
secstore password:
cpu% read -m factotum > /mnt/factotum/ctl
-
-We next generate a private key for the host, and set the proper file permissions,
-and copy it into /sys/lib/tls/acmed/:
-
-cpu% auth/rsagen -t 'service=tls owner=*' > example.com.key
-cpu% chmod 600 username@example.com.key example.com.key
-cpu% cp username@example.com.key example.com.key /sys/lib/tls/acmed/
We generate a certificate signing request, then create the .well-known/acme-challenge
directory, then pass the CSR to acmed:
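Review bot: The added `auth/rsagen -t 'service=tls role=client owner=*' > example.com.key` line changes the key's tag, but the surrounding text still only calls it "a private key for the host" and never says why it needs `role=client` or why it now has to be loaded into factotum. Please add a sentence explaining which step uses the key through factotum and which reads the file in /sys/lib/tls/acmed/. After this change the same host key is in the working directory, in /sys/lib/tls/acmed/, and in the secstore `factotum` file, and a reader cannot tell which copies are required. Two related points in the same hunk: the `chmod 600` only runs after both key files have been created by redirection, and username@example.com.key has already been read by `auth/rsa2jwk` by then, so it would help to state what mode the files have in the meantime. Nothing in these lines removes the working-directory key files or the fetched `factotum` file once `read -m factotum > /mnt/factotum/ctl` has run, so if cleanup is intended it should be shown here.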