modify cert request config, more ssl docs

[ouya-imagestore.git] / doc / README.rst

diff --git a/doc/README.rst b/doc/README.rst
index 951b7c25afb710f8cc3c377975461fa0ae6b6587..8e51fcab08800e7582c84159d5149eb3d245a724 100644 (file)
--- a/doc/README.rst
+++ b/doc/README.rst
@@ -4,9 +4,9 @@ Generate web server SSL certificate
 
   $ openssl req -new -x509 -nodes -config ouya.tv-cert-req.cnf -out selfcert-ouya.tv.pem -keyout selfcert-ouya.tv.key -days 730
 
-  $ openssl genrsa -out selfcert-ouya.tv.key 2048
+  $ openssl genrsa -out selfcert-ouya.tv.key 1024
   $ openssl req -new -config ouya.tv-cert-req.cnf -key selfcert-ouya.tv.key -out selfcert-ouya.tv.csr
-  $ openssl x509 -req -in selfcert-ouya.tv.csr -CA ~/.mitmproxy/mitmproxy-ca.pem -CAkey ~/.mitmproxy/mitmproxy-ca.pem -CAcreateserial -out selfcert-ouya.tv.crt -days 730
+  $ openssl x509 -req -in selfcert-ouya.tv.csr -CA ~/.mitmproxy/mitmproxy-ca.pem -CAkey ~/.mitmproxy/mitmproxy-ca.pem -CAcreateserial -out selfcert-ouya.tv.crt -days 730 -extfile ouya.tv-cert-req.cnf
 
 Verify CSR::
 
@@ -17,3 +17,8 @@ Verify certificate::
   $ openssl x509 -in selfcert-ouya.tv.crt -text -noout
 
 Then install the certificate in your web server.
+
+Note that the OUYA store application does not use SNI (Server Name Indication).
+This means that your server's *.ouya.tv must be delivered first when no
+host name is indicated by the client, thus the vhost has to be the first
+of all in the configuration.