8 Commits

Author SHA1 Message Date
Jérôme Petazzoni
313df8f9ff Update csr-api.md 2019-06-12 16:01:52 -05:00
Carl
ef6a5f05f8 clarify language around CSRs
three changes:

CSRs don't have expiry dates

"-nodes" just means "no encryption" it's not really specific to DES

the cert comes from the controller not the CSR
2019-06-12 16:01:52 -05:00
Jérôme Petazzoni
990a873e81 Update csr-api.md 2019-06-12 15:55:35 -05:00
AJ Bowen
c3a796faef observations from Velocity workshop 2019-06-11 16:28:50 -07:00
Jérôme Petazzoni
12b625d4f6 Update csr-api.md 2019-06-09 18:16:02 -05:00
AJ Bowen
161b8aed7d wording tweaks 2019-06-09 15:59:22 -07:00
Jerome Petazzoni
f69c9853bb More typos 2019-05-24 19:36:03 -05:00
Jerome Petazzoni
0dfff26410 Add a chapter showing how to use the CSR API
This is a rather convoluted example, showing step by
step how to build a system where each user gets a
ServiceAcccount and token with limited access, and
can use this token to submit a CSR that will give
them a short-lived certificate.

Even if this is not a 100% realistic scenario,
the general idea (using a "long-term" password
or token to obtain a "short-term" token) is used
by many other systems, so it makes sense to get
acquainted with the various moving parts.
2019-05-22 09:45:27 -05:00