From faca98f42bda9c919e8d6e1080e17a0dcaf7e296 Mon Sep 17 00:00:00 2001 From: bax1489 <fabian.gallenkamp@uni-hamburg.de> Date: Thu, 26 Sep 2019 13:01:08 +0200 Subject: [PATCH] minor corrections --- README.md | 37 +++++++++++++++---------------------- 1 file changed, 15 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 60627da..6d64ce2 100644 --- a/README.md +++ b/README.md 
@@ -3,33 +3,26 @@ ## preparation ### request certificate (PKCS#10 method) -1. Create empty folder ``mkdir /opt/otree/temp`` and switch into ``cd /opt/otree/temp`` -2. Adapt your config file ``request.conf``. -3. Generate encrypted private key and certificate request file with ``openssl req -config request.conf -newkey rsa:2048 -sha256 -outform PEM -out certrequest.pem`` from config file. -4. Verify your ``certrequest.pem`` with ``openssl req -in certrequest.pem -text`` -5. Make a request with the certificate request file at your responsible office. -6. Unencrypt your private key with: ``openssl rsa -in domain.key.pem.enc -out domain.key.pem``. -7. Move your unencrypted private key file with ``sudo mv /opt/otree/temp/private-key.pem /etc/ssl/private/domain.key.pem.enc``. (Note: Verify permissions! 0600) -8. Upload the obtained certificate and the certificate chain onto your server into ``/opt/otree/temp`` and append the chain (PA-Cert) to the certificate with ``cat pa-chain.pem >> cert-myserver.pem``. -9. Lastly move the certificate to the correct location: ``sudo mv /opt/tree/temp/cert-myserver.pem /etc/ssl/certs/domain.crt.pem`` (Note: Verify permissions! 0644) - -### place ssl/tls certificate and key-file (unfortunately not scriptable due to security best-practices) -1. Use ``scp mycert.crt user@host:/home/user/`` and ``scp mycert.key user@host:/home/user/`` or use [WinSCP](https://de.wikipedia.org/wiki/WinSCP) to copy over the certificate files. -2. Establish a ssh connection onto your server. -3. Then move the certificate files into place: - -``sudo mv /home/user/mycert.crt /etc/ssl/certs/`` - -``sudo mv /home/user/mycert.key /etc/ssl/private/`` +1. Establish a ssh connection onto your server. -4. And set the permissions correctly: +2. Create empty folder ``mkdir /opt/otree/temp`` and switch into ``cd /opt/otree/temp`` +3. Adapt your config file ``request.conf``. +4. 
Generate encrypted private key and certificate request file with ``openssl req -config request.conf -newkey rsa:2048 -sha256 -outform PEM -out certrequest.pem`` from config file. +5. Verify your ``certrequest.pem`` with ``openssl req -in certrequest.pem -text`` +6. Make a request with the certificate request file at your responsible office. +7. Unencrypt your private key with: ``openssl rsa -in domain.key.pem.enc -out domain.key.pem``. +8. Move your unencrypted private key file with ``sudo mv /opt/otree/temp/private-key.pem /etc/ssl/private/domain.key.pem.enc``. (Note: Verify permissions! 0600) +9. Upload the obtained certificate and the certificate chain onto your server into ``/opt/otree/temp`` and append the chain (PA-Cert) to the certificate with ``cat pa-chain.pem >> cert-myserver.pem``. +10. Lastly move the certificate to the correct location: ``sudo mv /opt/tree/temp/cert-myserver.pem /etc/ssl/certs/domain.crt.pem`` (Note: Verify permissions! 0644) +11. And set the permissions correctly: -``sudo chown root:root /etc/ssl/certs/mycert.crt /etc/ssl/private/mycert.key`` +``sudo chown root:root /etc/ssl/certs/domain.crt.pem /etc/ssl/private/domain.key.pem`` -``sudo chmod 644 /etc/ssl/certs/mycert.crt`` +``sudo chmod 644 /etc/ssl/certs/domain.crt.pem`` -``sudo chmod 600 /etc/ssl/private/mycert.key`` +``sudo chmod 600 /etc/ssl/private/domain.key.pem`` +Note: Use ``scp mycert.crt user@host:/home/user/`` and ``scp mycert.key user@host:/home/user/`` or use [WinSCP](https://de.wikipedia.org/wiki/WinSCP) to copy over the certificate files. ### install ansible and clone this project on your server 1. Establish a ssh connection onto your server. -- GitLab
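Review bot: Steps 7, 8 and 11 of the renumbered list disagree on the private key's file name, so the final ``chmod 600`` does not apply to the key that was actually moved. Step 7 writes ``domain.key.pem``, step 8 moves ``/opt/otree/temp/private-key.pem`` to ``/etc/ssl/private/domain.key.pem.enc`` (an unencrypted key stored under an ``.enc`` name), and step 11 runs chown/chmod on ``/etc/ssl/private/domain.key.pem``. Settle on one name, for example move ``/opt/otree/temp/domain.key.pem`` to ``/etc/ssl/private/domain.key.pem``, and state in step 4 which file the key is written to, since the ``openssl req`` command there has no ``-keyout`` and the name then comes from ``request.conf``. Step 10 still reads ``/opt/tree/temp/`` where every other step uses ``/opt/otree/temp/``. The decrypted key also sits in ``/opt/otree/temp`` before any permissions are set, so consider creating that folder with mode 0700 and deleting the leftover encrypted key and temp files once the move is done. The trailing scp note still copies ``mycert.key`` to the host under the old ``mycert.*`` names, which no longer matches a flow where the key is generated on the server in step 4.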