named key files

README.md

@@ -24,6 +24,12 @@ Generate a new private key and (public) certificate
 step ca certificate soteria.john-stream.com certs/foo.crt certs/foo.key --provisioner admin
 ```
 
+One-time setup for Caddy to be able to trust the Janus CA. This creates a symlink for the root CA.
+
+```
+ln -s $(step path)/certs/root_ca.crt certs/root_ca.crt
+```
+
 Check certificate
 ```
 openssl x509 -in certs/foo.crt -noout -subject -issuer -ext extendedKeyUsage
@@ -57,11 +63,17 @@ pct set 103 -mp0 /mnt/nfs/restic,mp=/mnt/restic
 
 ## Restic Clients
 
+```
+cd $(step path)/certs && \
+step ca certificate --provisioner admin $USER@$HOSTNAME restic.crt restic.key && \
+(umask 077; cat restic.crt restic.key > restic.pem)
+```
+
 Need restic 0.16+ for the env vars `RESTIC_CACERT` and `RESTIC_TLS_CLIENT_CERT` to work.
 
 ```
 export RESTIC_CACERT=$(step path)/certs/root_ca.crt
-export RESTIC_TLS_CLIENT_CERT=$(step path)/certs/soteria.pem
+export RESTIC_TLS_CLIENT_CERT=$(step path)/certs/restic.pem
 ```
 
 ### Installing Latest Binary