Add command for starting ctfe to ManualDeploy doc #1069

Merged
merged 2 commits into from
May 5, 2023
45 changes: 27 additions & 18 deletions trillian/docs/ManualDeployment.md
Expand Up @@ -285,24 +285,6 @@ for feeding to `ct-server` can thus be produced with:
% cat /etc/ssl/certs/* > ca-roots.pem
```

**Cross-check**: Once the CTFE is configured and running
([below](#ctfe-start-up)), opening
`http://localhost:<port>/<prefix>/ct/v1/get-roots` shows the configured roots.
Alternatively, the `ctclient` command-line tool shows the same information in a
more friendly way:

```bash
% go install github.com/google/certificate-transparency-go/client/ctclient
% ctclient --log_uri http://localhost:6966/aramis getroots
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 67554046 (0x406cafe)
Signature Algorithm: ECDSA-SHA256
...
```


### CTFE Configuration

The information from the previous steps now needs to be assembled into a
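Review bot: With the get-roots **Cross-check** paragraph dropped from directly after the `cat /etc/ssl/certs/* > ca-roots.pem` step, the roots section ends without saying how to verify the result, and the `([below](#ctfe-start-up))` pointer it carried is lost. Consider leaving a one-line forward reference here to where the check now lives, so a reader assembling `ca-roots.pem` still learns that `get-roots` confirms which roots the CTFE accepted.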
Expand Down Expand Up @@ -344,6 +326,14 @@ can be started.
it should match the `--rpc_endpoint` for the [log server](#trillian-services).
- The `--http_endpoint` option indicates the port that the CTFE should respond
to HTTP(S) requests on.

e.g.
```bash
CTFE_CONFIG=/path/to/your/ctfe_config_file
TRILLIAN_LOG_SERVER_RPC_ENDPOINT=localhost:8080
go run github.com/google/certificate-transparency-go/trillian/ctfe/ct_server --log_config ${CTFE_CONFIG} --http_endpoint=localhost:6966 --log_rpc_server ${TRILLIAN_LOG_SERVER_RPC_ENDPOINT} --logtostderr

```

At this point, a complete (but minimal) CT Log setup is available. The manual
set up steps up to this point match the
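Review bot: The `go run ...ctfe/ct_server` line carries no `@version` suffix, while the `ctclient` commands added later in this patch use `@master`; state whether this command is meant to be run from a checkout of the repository, or add a suffix so all three commands resolve the same way. `${CTFE_CONFIG}` and `${TRILLIAN_LOG_SERVER_RPC_ENDPOINT}` are also expanded unquoted, so a config path containing spaces splits into several arguments; quote them as `"${CTFE_CONFIG}"`. Minor: the flags mix `--http_endpoint=localhost:6966` with space-separated values, and there is a stray blank line before the closing fence.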
Expand All @@ -352,14 +342,33 @@ script should (mostly) make sense.

**Cross-check**: Opening `http://localhost:<port>/<prefix>/ct/v1/get-sth` in a
browser should show JSON that indicates an empty tree.

Alternatively, the `ctclient` command-line tool shows the same information:
e.g.
```bash
go run github.com/google/certificate-transparency-go/client/ctclient@master get-sth --log_uri http://localhost:6966/aramis
2018-10-12 11:28:08.544 +0100 BST (timestamp 1539340088544): Got STH for V1 log (size=11718) at http://localhost:6966/aramis, hash 6fb36fcca60d61aa85e04ff0c34a87782f12d08568118602eec0208d85c3a40d
Signature: Hash=SHA256 Sign=ECDSA
Value=3045022100df855f0fd097a45070e2eb244c7cb63effda942f2d30308e3b84a72e1d16118b0220038e55f142501402cf03790b3997081f82ffe47f2d3f3b667e1c484aecf40a33
```

**Cross-check**: Once the CTFE is configured and running, opening
`http://localhost:<port>/<prefix>/ct/v1/get-roots` shows the configured roots.

Alternatively, the `ctclient` command-line tool shows the same information in a
more friendly way:
e.g.
```bash
go run github.com/google/certificate-transparency-go/client/ctclient@master get-roots --log_uri http://localhost:6966/aramis
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 67554046 (0x406cafe)
Signature Algorithm: ECDSA-SHA256
...
```


<img src="images/Deployment3CTFE.png" width="650">


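Review bot: The get-sth sample output contradicts the sentence just above it: the text says the cross-check should indicate an empty tree, but the pasted output shows `size=11718` and a 2018 timestamp, so a reader following the guide on a fresh log will see something different. Replace it with output from a newly created log, or say that the sample comes from a populated one. Both `ctclient@master` commands also track a moving branch; pinning a release tag would keep the documented flags and output reproducible. Minor: the "e.g." after "shows the same information:" is redundant, and each command shares one `bash` fence with its output with no prompt marker to tell them apart.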