From 87f032731e8e0a75364b2520b5207ba82f3ab6a1 Mon Sep 17 00:00:00 2001 From: Al Cutter Date: Fri, 5 May 2023 23:42:04 +0100 Subject: [PATCH] Add command for starting ctfe to ManualDeploy doc (#1069) * Add command for starting ctfe to ManualDeploy doc * Fix get-roots command --- trillian/docs/ManualDeployment.md | 45 ++++++++++++++++++------------- 1 file changed, 27 insertions(+), 18 deletions(-) diff --git a/trillian/docs/ManualDeployment.md b/trillian/docs/ManualDeployment.md index 3797a51078..6d2645321a 100644 --- a/trillian/docs/ManualDeployment.md +++ b/trillian/docs/ManualDeployment.md @@ -285,24 +285,6 @@ for feeding to `ct-server` can thus be produced with: % cat /etc/ssl/certs/* > ca-roots.pem ``` -**Cross-check**: Once the CTFE is configured and running -([below](#ctfe-start-up)), opening -`http://localhost://ct/v1/get-roots` shows the configured roots. -Alternatively, the `ctclient` command-line tool shows the same information in a -more friendly way: - -```bash -% go install github.com/google/certificate-transparency-go/client/ctclient -% ctclient --log_uri http://localhost:6966/aramis getroots -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 67554046 (0x406cafe) - Signature Algorithm: ECDSA-SHA256 -... -``` - - ### CTFE Configuration The information from the previous steps now needs to be assembled into a 
@@ -344,6 +326,14 @@ can be started. it should match the `--rpc_endpoint` for the [log server](#trillian-services). - The `--http_endpoint` option indicates the port that the CTFE should respond to HTTP(S) requests on. + + e.g. + ```bash + CTFE_CONFIG=/path/to/your/ctfe_config_file + TRILLIAN_LOG_SERVER_RPC_ENDPOINT=localhost:8080 + go run github.com/google/certificate-transparency-go/trillian/ctfe/ct_server --log_config ${CTFE_CONFIG} --http_endpoint=localhost:6966 --log_rpc_server ${TRILLIAN_LOG_SERVER_RPC_ENDPOINT} --logtostderr + + ``` At this point, a complete (but minimal) CT Log setup is available. The manual set up steps up to this point match the @@ -352,7 +342,9 @@ script should (mostly) make sense. **Cross-check**: Opening `http://localhost://ct/v1/get-sth` in a browser should show JSON that indicates an empty tree. + Alternatively, the `ctclient` command-line tool shows the same information: +e.g. ```bash go run github.com/google/certificate-transparency-go/client/ctclient@master get-sth --log_uri http://localhost:6966/aramis 2018-10-12 11:28:08.544 +0100 BST (timestamp 1539340088544): Got STH for V1 log (size=11718) at http://localhost:6966/aramis, hash 6fb36fcca60d61aa85e04ff0c34a87782f12d08568118602eec0208d85c3a40d @@ -360,6 +352,23 @@ Signature: Hash=SHA256 Sign=ECDSA Value=3045022100df855f0fd097a45070e2eb244c7cb63effda942f2d30308e3b84a72e1d16118b0220038e55f142501402cf03790b3997081f82ffe47f2d3f3b667e1c484aecf40a33 ``` +**Cross-check**: Once the CTFE is configured and running, opening +`http://localhost://ct/v1/get-roots` shows the configured roots. + +Alternatively, the `ctclient` command-line tool shows the same information in a +more friendly way: +e.g. +```bash +go run github.com/google/certificate-transparency-go/client/ctclient@master get-roots --log_uri http://localhost:6966/aramis +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 67554046 (0x406cafe) + Signature Algorithm: ECDSA-SHA256 +... +``` + +
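Review bot: In the hunk at `@@ -344,6 +326,14 @@`, the added `go run github.com/google/certificate-transparency-go/trillian/ctfe/ct_server ...` line has no version suffix, while the `ctclient` commands in this patch use `@master`. Without a suffix, the command only resolves from inside a module that already requires the package, so a reader following the doc from an arbitrary directory will hit an error. Suggest adding an explicit version, preferably a release tag rather than `@master`, so the documented command builds a known revision of the CTFE. Minor: `${CTFE_CONFIG}` and `${TRILLIAN_LOG_SERVER_RPC_ENDPOINT}` are unquoted, the flags mix `--flag value` and `--flag=value` styles, and there is a stray blank line before the closing fence.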
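Review bot: In the hunk at `@@ -352,7 +342,9 @@`, the added `e.g.` line is redundant after a sentence that already ends in a colon. With no blank line separating it from the paragraph above, it will render as part of that sentence ("...shows the same information: e.g."). Suggest dropping it and letting the fence follow the sentence directly.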
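Review bot: In the hunk at `@@ -360,6 +352,23 @@`, the added `get-roots` block puts the command and its sample output in one `bash` fence with no prompt marker, whereas the removed version prefixed commands with `% `. A reader copying the block will also paste the `Certificate:` output lines into the shell. Suggest keeping a prompt marker or moving the output into its own untagged fence. The command also runs `ctclient@master`, so the cross-check executes whatever is at the branch tip; a release tag matching the deployed CTFE would make the result reproducible. The URL in the moved text reads `http://localhost://ct/v1/get-roots`, with no port or log prefix, so it should be spelled to match the `--log_uri` used in the `ctclient` example. Finally, the `e.g.` line has the same rendering problem as in the previous hunk, and the two trailing blank `+` lines at the end of the file can go.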