Commit

chore: Docs
ananthb committed Feb 28, 2024
1 parent a652644 commit bd20fdd
Showing 2 changed files with 8 additions and 12 deletions.
19 changes: 7 additions & 12 deletions README.md
Expand Up @@ -67,25 +67,20 @@ podman build -t ghcr.io/realimage/bifrost .
Here's what you need to get started.

1. Install all bifrost binaries by running `go install ./...`.
2. Generate a new namespace UUID using `export BF_NS=$(uuidgen)`.
2. Generate a new namespace UUID using `export BF_NS=$(bf new ns)`.
3. Ensure that python, curl, and openssl are available in your environment.

### Start your engines

Set up server key material and start the CA and TLS reverse-proxy.

1. Create ECDSA P256 private key in PEM format:
1. Create Bifrost ECDSA private key:

`openssl ecparam -out key.pem -name prime256v1 -genkey -noout`
`bf new id -o key.pem`

2. Create self-signed CA certificate:
2. Create self-signed CA root certificate:

```console
openssl req -new -key key.pem -x509 -nodes -days 3650 \
-subj "/CN=$(bf id -ns "$BF_NS" key.pem)/O=$BF_NS" \
-addext basicConstraints=critical,CA:TRUE,pathlen:0 \
-out crt.pem
```
`bf new ca -o cert.pem`

3. Start the CA issuer, reverse proxy, and the target web server.
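
Review bot: Step 2 now writes the CA certificate to `cert.pem`, while the removed openssl command wrote `crt.pem`, and the new `bf new ca -o cert.pem` line no longer shows which key or namespace it uses. The old command took `key.pem` and `$BF_NS` explicitly; state in the README how `bf new ca` picks those up, and confirm that the commands under step 3, which this hunk does not show, refer to `cert.pem` rather than `crt.pem`. The removed command also set `pathlen:0`; if the new command does not, say so here.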

Expand All @@ -99,7 +94,7 @@ Set up server key material and start the CA and TLS reverse-proxy.

1. Generate a new client identity key:

`openssl ecparam -out clientkey.pem -name prime256v1 -genkey -noout`
`bf new id -out clientkey.pem`

2. Create a Certificate Signing Request with the client private key:
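
Review bot: The flag spelling in `bf new id -out clientkey.pem` differs from the `-o` used in `bf new id -o key.pem` earlier in the README. Use one spelling that the CLI accepts in both places so the walkthrough can be copied without a flag error.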

Expand All @@ -116,7 +111,7 @@ Set up server key material and start the CA and TLS reverse-proxy.
"localhost:8888/issue" >clientcrt.pem`
```

4. Make a request through hallpass to the python web server:
4. Make a request through the mTLS proxy to the python web server:

`curl --cert clientcrt.pem --key clientkey.pem -k https://localhost:8443`
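
Review bot: The `curl` context line under the reworded step 4 still passes `-k`, so the client never verifies the proxy's server certificate in a walkthrough about mutual TLS. If the proxy's certificate chains to the root created with `bf new ca -o cert.pem`, replace `-k` with `--cacert cert.pem`; otherwise note in the README why verification is skipped. The context line ending in `>clientcrt.pem` also carries a stray trailing backtick just before the closing fence.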

1 change: 1 addition & 0 deletions cmd/bf/new.go
Expand Up @@ -100,6 +100,7 @@ var newCmd = &cli.Command{
NotAfter: notAfter,
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
IsCA: true,
BasicConstraintsValid: true,
}
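
Review bot: With `IsCA: true` added, the `KeyUsage` line above it still lists only `x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature` and omits `x509.KeyUsageCertSign`. A certificate whose key signs other certificates needs the keyCertSign bit (RFC 5280, section 4.2.1.3), so add `x509.KeyUsageCertSign`; `KeyUsageKeyEncipherment` can go, since it has no meaning for an ECDSA key. The openssl command removed from the README set `pathlen:0`; to keep that constraint, add `MaxPathLenZero: true` to this template. `x509.ExtKeyUsageServerAuth` on a root certificate also deserves a second look.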

