blob: 72b99e0da22fe183aa4d4c1d40fc71d5dda6999c [file] [log] [blame]
********************************************************************************
Gitblit 伺服器 $serverHostname 所需之 SSL 用戶端憑證
********************************************************************************
$userDisplayname 您好,
伺服器 $serverHostname 所需要的私鑰,公鑰以及Gitblit簽證檔案(CA)存放於 $username.p12, PKCS#12 certificate store[1] 以及 $username.pem.
兩種證書皆受密碼保護.
密碼提示: $storePasswordHint
Git 憑證匯入步驟
=============================================
附件之 PEM 檔案可以直接匯入至您的git程式裡.
git config [--global] http.sslCert path/to/$username.pem
PEM檔案受密碼保護,因此匯入過程會提示多次. 如果您偏好不使用密碼,您需要另外匯出無密碼之私鑰後,再匯入git程式裡.
openssl rsa -in path/to/$username.pem -out path/to/$username.key
git config [--global] http.sslKey path/to/$username.key
此外,您應該妥善保管已經解除密碼保護之私鑰.
註:
如果沒有匯出私鑰, 有些早期git版本將會發生匯入失敗問題,例如:Ubuntu 12.04 with git 1.7.9.5.
Firefox 憑證匯入步驟
=============================================
Firefox 有自己的證書管理介面.
1. 點選 "選項->進階->憑證"
2. 點選 "檢視憑證清單"
3. 切換至 "您的憑證"
4. 點選 "匯入(M)"
5. 選擇電腦中的憑證檔案 $username.p12
6. 輸入憑證檔案所需的密碼
7. 切換至"憑證機構"
8. 找到 "Gitblit Certificate Authority" 憑證
9. 點選"編輯信任(E)"
10.選擇信任網站.
Chrome/IE (Windows) 憑證匯入步驟
=============================================
Windows作業系統下, Chrome IE 共用相同的憑證設定.
IE
------------------------------------
1. 選擇 "網際網路選項->內容"
2. 點選"憑證"
Chrome
------------------------------------
1. 選擇 "設定->顯示進階設定->HTTP/SSL"
2. 點選"管理憑證"
共同步驟 (Windows)
------------------------------------
3. 切換至 "個人"
4. 點選"匯入(I)"
5. 依照指示匯入.
請切換匯入檔案類型為p12並且找到 $username.p12 這個憑證檔案
6. 輸入憑證檔案保護密碼
7. 由於主要發放憑證單位(CA)與個人憑證檔案皆儲存於 $username.p12, 因此匯入時候,必須選擇 "自動根據憑證類型來選擇憑證存放區".
如果選擇預設值匯入, 將不會安裝主要發放憑證單位(CA)
Chrome (Linux) Installation Instructions
=============================================
On Linux, Chrome maintains it's own certificate store.
1. Navigate to Settings->Show Advanced Settings->HTTP/SSL
2. Click the "Manage Certificates..." button
3. Navigate your filesystem and select $username.p12
4. At the password prompt enter the certificate store password
You have now imported your private key, public certificate, and the CA certificate
but now we must manually set the trust settings of the CA certificate.
5. Switch to the "Authorities" tab
6. Scroll down and find "Gitblit-> Gitblit Certificate Authority"
7. Select it and click "Edit Trust..."
8. Check "This certificate can identify websites" and click OK.
Chrome/Safari (Mac OS X) Installation Instructions
=============================================
On Mac OS X, Chrome and Safari both use Keychain Access to store certificates
so configuring one will automatically apply for both.
1. Double-click $username.pem
2. At the password prompt enter the certificate store password
You have now imported your private key, public certificate, and the CA certificate
but now we must manually set the trust settings of the CA certificate.
3. Find the Gitblit Certificate Authority certificate, it should have a red
indicator meaning untrusted, and double-click it.
4. Open the "Trust" disclosure triangle and change "When using this certificate"
to "Always Trust".
5. Close the certificate view and enter your system password to save the changes
to your keychain.
[1] PKCS#12 is one of the standard container formats for sharing private keys and
public certificates.
[2] http://www.openssl.org