From fd4e90447368a0d32fcbf992aabfbddd041d90d1 Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Thu, 13 Feb 2020 09:27:59 +0100
Subject: [PATCH] Add how to generate fedora-messaging certs

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
---
 fedora_messaging_certificates.md | 44 ++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 fedora_messaging_certificates.md

diff --git a/fedora_messaging_certificates.md b/fedora_messaging_certificates.md
new file mode 100644
index 0000000..760360c
--- /dev/null
+++ b/fedora_messaging_certificates.md
@@ -0,0 +1,44 @@
+# How to create TLS certificates for fedora-messaging
+
+In ansible-private, find the files/rabbitmq/ folder. In that is a production 
+and a staging subdirectory
+
+* Create the staging certificates:
+
+In the staging subdir, run:
+```
+/usr/share/easy-rsa/3/easyrsa build-client-full <service name>.stg nopass
+```
+
+For example:
+```
+/usr/share/easy-rsa/3/easyrsa build-client-full monitor-gating.stg nopass
+```
+
+(**note**: for **stg** we always make the name ``.stg`` so that ansible scripts
+work with it)
+
+* Create the production certificates:
+
+In the production subdir, run:
+
+```
+/usr/share/easy-rsa/3/easyrsa build-client-full <service name> nopass
+```
+
+For example:
+```
+/usr/share/easy-rsa/3/easyrsa build-client-full monitor-gating nopass
+```
+
+(**note**: no ``.stg`` here).
+
+* Add the certificates to the git repo:
+
+Run the usual commands:
+```
+git add .
+git commit -s -a -m 'Added fedora-messaging certs for <service>'
+git push
+```
+