diff --git a/README.md b/README.md index a1806889..4cd362b3 100644 --- a/README.md +++ b/README.md @@ -100,8 +100,7 @@ While `step` is not required to run `step-ca`, it will make your life easier so Install `step` and `step-ca` together via [Homebrew](https://brew.sh/): -
-$ brew install step
+$ brew install step
# Test installation ...
$ step certificate inspect https://smallstep.com
@@ -111,15 +110,15 @@ Certificate:
Serial Number: 326381749415081530968054238478851085504954 (0x3bf265673332db2d0c70e48a163fb7d11ba)
Signature Algorithm: SHA256-RSA
Issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
-...
-
+...
> Note: If you have installed `step` previously through the `smallstep/smallstep`
> tap you will need to run the following commands before installing:
-```
-$ brew untap smallstep/smallstep
-$ brew uninstall step
-```
+>
+> ```
+> $ brew untap smallstep/smallstep
+> $ brew uninstall step
+> ```
### Linux
@@ -180,15 +179,13 @@ helm install step-certificates
### Test
-
-$ step version
+$ step version
Smallstep CLI/0.10.0 (darwin/amd64)
Release Date: 2019-04-30 19:01 UTC
$ step-ca version
Smallstep CA/0.10.0 (darwin/amd64)
-Release Date: 2019-04-30 19:02 UTC
-
+Release Date: 2019-04-30 19:02 UTC
## Quickstart
@@ -206,8 +203,7 @@ communication. Let's get started!
#### 1. Run `step ca init` to create your CA's keys & certificates and configure `step-ca`:
-
-$ step ca init
+$ step ca init
✔ What would you like to name your new PKI? (e.g. Smallstep): Example Inc.
✔ What DNS names or IP addresses would you like to add to your new CA? (e.g. ca.smallstep.com[,1.1.1.1,etc.]): localhost
✔ What address will your new CA listen at? (e.g. :443): 127.0.0.1:8080
@@ -228,8 +224,7 @@ all done!
✔ Default configuration: /Users/bob/src/github.com/smallstep/step/.step/config/defaults.json
✔ Certificate Authority configuration: /Users/bob/src/github.com/smallstep/step/.step/config/ca.json
-Your PKI is ready to go. To generate certificates for individual services see 'step help ca'.
-
+Your PKI is ready to go. To generate certificates for individual services see 'step help ca'.
This command will:
@@ -243,11 +238,9 @@ You can find these artifacts in `$STEPPATH` (or `~/.step` by default).
You'll be prompted for your password from the previous step, to decrypt the CA's private signing key:
-
-$ step-ca $(step path)/config/ca.json
+$ step-ca $(step path)/config/ca.json
Please enter the password to decrypt /Users/bob/src/github.com/smallstep/step/.step/secrets/intermediate_ca_key: abc123
-2019/02/18 13:28:58 Serving HTTPS on 127.0.0.1:8080 ...
-
+2019/02/18 13:28:58 Serving HTTPS on 127.0.0.1:8080 ...
#### 3. Copy our `hello world` golang server.
@@ -277,8 +270,7 @@ EOF
#### 4. Get an identity for your server from the Step CA.
-
-$ step ca certificate localhost srv.crt srv.key
+$ step ca certificate localhost srv.crt srv.key
✔ Key ID: rQxROEr7Kx9TNjSQBTETtsu3GKmuW9zm02dMXZ8GUEk (bob@example.com)
✔ Please enter the password to decrypt the provisioner key: abc123
✔ CA: https://localhost:8080/1.0/sign
@@ -307,32 +299,25 @@ Certificate:
Not Before: Feb 18 21:27:21 2019 UTC
Not After : Feb 15 21:27:21 2029 UTC
Subject: CN=Example Inc. Intermediate CA
-...
-
+...
Note that `step` and `step-ca` handle details like [certificate bundling](https://smallstep.com/blog/everything-pki.html#intermediates-chains-and-bundling) for you.
#### 5. Run the simple server.
-
-$ go run srv.go &
-
+$ go run srv.go &
#### 6. Get the root certificate from the Step CA.
In a new Terminal window:
-
-$ step ca root root.crt
-The root certificate has been saved in root.crt.
-
+$ step ca root root.crt
+The root certificate has been saved in root.crt.
#### 7. Make an authenticated, encrypted curl request to your server using HTTP over TLS.
-
-$ curl --cacert root.crt https://localhost:8443/hi
-Hello, world!
-
+$ curl --cacert root.crt https://localhost:8443/hi
+Hello, world!
*All Done!*