Merge pull request #297 from spieglt/main

Add missing steps to production considerations guide
smallstep · Feb 13, 2024 · 17f43d0 · 17f43d0
2 parents ee26ed4 + 4fbc227
commit 17f43d0
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/step-ca/certificate-authority-server-production.mdx b/step-ca/certificate-authority-server-production.mdx
@@ -307,8 +307,8 @@ Note: _This section requires a Linux OS running `systemd` version 245 or greater
 
   The service user will only be used by `systemd` to manage the CA. Run:
 
-  <CodeBlock language="shell-session" copytext="sudo useradd --system --home /etc/step-ca --shell /bin/false step">
-  {`$ sudo useradd --system --home /etc/step-ca --shell /bin/false step`}
+  <CodeBlock language="shell-session" copytext="sudo useradd --user-group --system --home /etc/step-ca --shell /bin/false step">
+  {`$ sudo useradd --user-group --system --home /etc/step-ca --shell /bin/false step`}
   </CodeBlock>
 
   If your CA will bind to port 443, the `step-ca` binary will need to be
@@ -335,6 +335,11 @@ Note: _This section requires a Linux OS running `systemd` version 245 or greater
   {`$ sudo chown -R step:step /etc/step-ca`}
   </CodeBlock>
 
+  Modify your `ca.conf` file to point to the new database location:
+  <CodeBlock language="shell-session">
+  {`cat <<< $(jq '.db.dataSource = "/etc/step-ca/db"' /etc/step-ca/config/ca.json) > /etc/step-ca/config/ca.json`}
+  </CodeBlock>
+
 3. Create a `systemd` unit file.
 
   ```shell-session