Add how to generate fedora-messaging certs

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-02-13 09:27:59 +01:00 · 2020-02-13 09:27:59 +01:00 · fd4e904473
commit fd4e904473
parent a0a1bc7788
1 changed files with 44 additions and 0 deletions
--- a/fedora_messaging_certificates.md
+++ b/fedora_messaging_certificates.md
@ -0,0 +1,44 @@
+# How to create TLS certificates for fedora-messaging
+
+In ansible-private, find the files/rabbitmq/ folder. In that is a production 
+and a staging subdirectory
+
+* Create the staging certificates:
+
+In the staging subdir, run:
+```
+/usr/share/easy-rsa/3/easyrsa build-client-full <service name>.stg nopass
+```
+
+For example:
+```
+/usr/share/easy-rsa/3/easyrsa build-client-full monitor-gating.stg nopass
+```
+
+(**note**: for **stg** we always make the name ``.stg`` so that ansible scripts
+work with it)
+
+* Create the production certificates:
+
+In the production subdir, run:
+
+```
+/usr/share/easy-rsa/3/easyrsa build-client-full <service name> nopass
+```
+
+For example:
+```
+/usr/share/easy-rsa/3/easyrsa build-client-full monitor-gating nopass
+```
+
+(**note**: no ``.stg`` here).
+
+* Add the certificates to the git repo:
+
+Run the usual commands:
+```
+git add .
+git commit -s -a -m 'Added fedora-messaging certs for <service>'
+git push
+```
+