README update

AtomGraph · Feb 7, 2025 · fff8676 · fff8676
1 parent 21d18dc
commit fff8676
Showing 1 changed file with 18 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -57,19 +57,23 @@ It takes a few clicks and filling out a form to install the product into your ow
      OWNER_STATE_OR_PROVINCE=Denmark
      OWNER_COUNTRY_NAME=DK
      ```
-  3. Setup SSL certificates/keys by running this from command line (replace `$owner_cert_pwd` and `$secretary_cert_pwd` with your own passwords):
-     ```
-     ./scripts/setup.sh .env ssl $owner_cert_pwd $secretary_cert_pwd 3650
+  3. Setup server's SSL certificates by running this from command line:
+     ```shell
+     ./scripts/server-cert-gen.sh .env nginx ssl
      ```
      The script will create an `ssl` sub-folder where the SSL certificates and/or public keys will be placed.
   4. Launch the application services by running this from command line:
-     ```
+     ```shell
      docker-compose up --build
      ```
      It will build LinkedDataHub's Docker image, start its container and mount the following sub-folders:
+     - `ssl`
+       * `owner` stores root owner's WebID certificate, keystore, and public key
+       * `secretary` stores root application's WebID certificate, keystore, and public key
+       * `server` stores the server's certificate (also used by nginx)
      - `data` where the triplestore(s) will persist RDF data
      - `uploads` where LDH stores content-hashed file uploads
-     The first should take around half a minute as datasets are being loaded into triplestores. After a successful startup, the last line of the Docker log should read something like:
+     It should take up to half a minute as datasets are being loaded into triplestores. After a successful startup, the last line of the Docker log should read something like:
      ```
      linkeddatahub_1     | 09-Feb-2021 14:18:10.536 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [32609] milliseconds
      ```
@@ -78,7 +82,15 @@ It takes a few clicks and filling out a form to install the product into your ow
      - Mozilla Firefox: `Options > Privacy > Security > View Certificates... > Import...`
      - Apple Safari: The file is installed directly into the operating system. Open the file and import it using the [Keychain Access](https://support.apple.com/guide/keychain-access/what-is-keychain-access-kyca1083/mac) tool (drag it to the `local` section).
      - Microsoft Edge: Does not support certificate management, you need to install the file into Windows. [Read more here](https://social.technet.microsoft.com/Forums/en-US/18301fff-0467-4e41-8dee-4e44823ed5bf/microsoft-edge-browser-and-ssl-certificates?forum=win10itprogeneral).
-  6. Open **https://localhost:4443/** in that web browser
+  6. For authenticated API access use the `ssl/owner/cert.pem` HTTPS client certificate.
+     If you are running Linux with user other than `root`, you might need to fix the certificate permissions because Docker bind mounts are owned by `root` by default. For example:
+     ```shell
+     sudo setfacl -m u:$(whoami):r ./ssl/owner/*
+     ```
+  7. Open **https://localhost:4443/** in the web browser or use `curl` for API access, for example:
+     ```shell
+     curl -k -E ./ssl/owner/cert.pem:<your cert password> -H "Accept: text/turtle" 'https://localhost:4443/'
+     ```
 
   ### Notes