diff --git a/CHANGELOG.md b/CHANGELOG.md index f978d6016..1e9e20296 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,7 +36,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - Generation of first provisioner name on `step ca init` in (smallstep/certificates#1566) - Processing of SCEP Get PKIOperation requests in (smallstep/certificates#1570) -- Support for signing identity certificate during SSH sign by skipping URI validation in (smallstep/certificates#1572) +- Support for signing identity certificate during SSH sign by skipping URI validation in (smallstep/certificates#1572) - Dependency on `micromdm/scep` and `go.mozilla.org/pkcs7` to use Smallstep forks in (smallstep/certificates#1600) - Make the Common Name validator for JWK provisioners accept values from SANs too in (smallstep/certificates#1609) diff --git a/examples/README.md b/examples/README.md index a23233029..a6908c6b7 100644 --- a/examples/README.md +++ b/examples/README.md @@ -21,7 +21,7 @@ the token does contain the root fingerprint then it is simpler to use: client, err := ca.Bootstrap(token) ``` -After the initialization there are examples of all the client methods. These +After the initialization, there are examples of all the client methods. These methods are a convenient way to use the CA API. The first method, `Health`, returns the status of the CA server. If the server is up it will return `{"status":"ok"}`. @@ -77,7 +77,7 @@ if err != nil { ... } ``` The following methods are for inpsecting Provisioners. -One method that returns a list of provisioners or a the encrypted key of one provisioner. +One method that returns a list of provisioners or an encrypted key of one provisioner. ```go // Without options it will return the first 20 provisioners. @@ -98,7 +98,7 @@ key, err := client.ProvisionerKey("DmAtZt2EhmZr_iTJJ387fr4Md2NbzMXGdXQNW1UWPXk") ``` The following example shows how to create a -tls.Config object that can be injected into servers and clients. By default these +tls.Config object that can be injected into servers and clients. By default, these methods will spin off Go routines that auto-renew a certificate once (approximately) two thirds of the duration of the certificate has passed. @@ -184,7 +184,7 @@ resp, err := client.Get("https://localhost:8443") ``` We will demonstrate the mTLS configuration in a different example. In this -examplefor we will configure the server to only verify client certificates +example we will configure the server to only verify client certificates if they are provided. To being with let's start the Step CA: @@ -226,7 +226,7 @@ If you'd like to turn off curl's verification of the certificate, use HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure. ``` -Now lets use the root certificate generated for the Step PKI. It should work. +Now let's use the root certificate generated for the Step PKI. It should work. ```sh certificates $ curl --cacert examples/pki/secrets/root_ca.crt https://localhost:8443 @@ -236,7 +236,7 @@ Hello nobody at 2018-11-03 01:49:25.66912 +0000 UTC!!! Notice that in the response we see `nobody`. This is because the server did not detected a TLS client configuration. -But if we create a client with it's own certificate (generated by the Step CA), +But if we create a client with its own certificate (generated by the Step CA), we should see the Common Name of the client certificate: ```sh @@ -304,7 +304,7 @@ We can use the bootstrap-server to demonstrate certificate rotation. We've added a second provisioner, named `mike@smallstep.com`, to the CA configuration. This provisioner is has a default certificate duration of 2 minutes. Let's run the server, and inspect the certificate. We can should be able to -see the certificate rotate once approximately 2/3rds of it's lifespan has passed. +see the certificate rotate once approximately 2/3rds of its lifespan has passed. ```sh certificates $ export STEPPATH=examples/pki @@ -320,7 +320,7 @@ The exact formula is `-/3-rand(/20)` (`duration=12 in our example). We can use the following command to check the certificate expiration and to make -sure the certificate changes after 74-80 seconds. +sure the certificate changes after 74-80 seconds. ```sh certificates $ step certificate inspect --insecure https://localhost:8443 diff --git a/scripts/README.md b/scripts/README.md index 5571bf86f..86c5bc866 100644 --- a/scripts/README.md +++ b/scripts/README.md @@ -4,5 +4,5 @@ Please note that `install-step-ra.sh` is referenced on the `files.smallstep.com` ## badger-migration -badger-migration is a tool that allows migrating data data from BadgerDB (v1 or +badger-migration is a tool that allows migrating data from BadgerDB (v1 or v2) to MySQL or PostgreSQL.