Improve documentation for --pass param to certutil #35432
Closed
+7
−4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Better explaination for --pass parameter in documentation for elasticsearch-certutil.
tvernum
added
>docs
|
Pinging @elastic/es-security |
|
@elasticmachine test this please |
tvernum
changed the title
tvernum
requested changes
Nov 26, 2018
| Keys stored in PKCS#12 format are always password protected. | ||
| Keys stored in PKCS#12 format are always password protected. However, it supports | ||
| the password to be _blank_. If you want to specify a _blank_ password without | ||
| prompt, use '--pass ""' (with no '='). |
There was a problem hiding this comment.
I like the way this has been structured, but I think we can tighten up the wording a bit.
What do you think of:
Keys stored in PKCS#12 format are always password protected, however,
this password may be _blank_. If you want to specify a blank password
without a prompt, pass `--pass ""` (with no `=`) on the command line.
| + | ||
| Keys stored in PEM format are password protected only if the | ||
| `--pass` parameter is specified. If you do not supply an argument for the | ||
| `--pass` parameter, you are prompted for a password. | ||
| `--pass` parameter, you are prompted for a password. It does not support having | ||
| _blank_ as password. |
There was a problem hiding this comment.
Suggestion
`--pass` parameter, you are prompted for a password.
Encrypted PEM files do not support blank passwords (if you do not
wish to password-protected your PEM keys, then do not specify
`--pass`).
| If you want to specify a _blank_ password (without prompting), use | ||
| `--pass ""` (with no `=`). | ||
| If there is a requirement to create an unencrypted PEM file skip '--pass' | ||
| parameter. |
There was a problem hiding this comment.
I think this advice can be incorporated into the paragraph above it.
|
@vikene Do you think you'll have a chance to look at this again, or would prefer that we pick it up internally? |
|
@tvernum I am sorry missed those notification, sure. I will do those changes asap. |
|
Closing in favour of #40137 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Better explaination for --pass parameter in documentation for elasticsearch-certutil.
Resolves: #35285