Skip to content

/nebula

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documentation Request: Usage example with CSRs #76

Open
jeffb4 opened this issue Dec 9, 2019 · 1 comment
Open

Documentation Request: Usage example with CSRs #76

jeffb4 opened this issue Dec 9, 2019 · 1 comment
Labels
documentation

Comments

@jeffb4
Copy link

@jeffb4 jeffb4 commented Dec 9, 2019

The current README documentation involves generating keys and certificates on the CA host, then shipping the key+cert+config to the new client node. Generally speaking a better pattern would be to generate a key and certificate signing request on the client node, then ship the CSR to the CA host and sign a cert, then ship cert/config back to the client node.

If Nebula is capable of handling that pattern, could the README example be updated for it?
@rawdigits

This comment has been minimized.

Sign in to view
Copy link
Member

@rawdigits rawdigits commented Dec 9, 2019
edited

It is capable and better docs are coming. quick version:

nebula-cert keygen -out-pub pub.key -out-key private.key
will generate a private and public key.

you then ship the public key to the ca host and run
nebula-cert sign -name blah -ip 192.168.100.0/24 -in-pub pub.key
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation
Projects
None yet
Milestone
No milestone
2 participants
@jeffb4 @rawdigits
You can’t perform that action at this time.