From 1cd072425ce5ee82c7f5bb08c62d0eb618c2a7f6 Mon Sep 17 00:00:00 2001
From: Ian Maddaus
Date: Fri, 23 May 2025 12:33:23 -0400
Subject: [PATCH] Update Automate docs
Signed-off-by: Ian Maddaus
---
 .../content/automate/ha_cert_selfsign.md | 97 ++++++++++++-------
 _vendor/modules.txt | 2 +-
 go.mod | 2 +-
 go.sum | 4 +-
 4 files changed, 67 insertions(+), 38 deletions(-)
diff --git a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_cert_selfsign.md b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_cert_selfsign.md
index 73f009c190..90c014d99f 100644
--- a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_cert_selfsign.md
+++ b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_cert_selfsign.md
@@ -42,40 +42,69 @@ You can create a self-signed key and certificate pair with the **OpenSSL** utili
 1. `cd rotate-certs` then execute the below script.
 ```bash
- # !/bin/bash
- echo extendedKeyUsage = clientAuth, serverAuth > server_cert_ext.cnf
- echo subjectAltName = DNS:chefadmin >> server_cert_ext.cnf
- echo extendedKeyUsage = clientAuth, serverAuth > node_cert_ext.cnf
- echo subjectAltName = DNS:chefnode >> node_cert_ext.cnf
- echo extendedKeyUsage = clientAuth, serverAuth > client_cert_ext.cnf
- echo subjectAltName = DNS:chefclient >> client_cert_ext.cnf
-
- openssl genrsa -out root-ca-key.pem 2048
- openssl req -new -x509 -sha256 -key root-ca-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=progress" -out root-ca.pem -days 1095 -addext basicConstraints=CA:TRUE
-
- # Admin cert
- openssl genrsa -out admin-key-temp.pem 2048
- openssl pkcs8 -inform PEM -outform PEM -in admin-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out admin-key.pem
- openssl req -new -key admin-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefadmin" -out admin.csr
- openssl x509 -req -in admin.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out admin.pem -days 1095 -extfile server_cert_ext.cnf
-
- # Node cert 1
- openssl genrsa -out node1-key-temp.pem 2048
- openssl pkcs8 -inform PEM -outform PEM -in node1-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node1-key.pem
- openssl req -new -key node1-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefnode" -out node1.csr
- openssl x509 -req -in node1.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node1.pem -days 1095 -extfile node_cert_ext.cnf
-
- # Node cert 2
- openssl genrsa -out node2-key-temp.pem 2048
- openssl pkcs8 -inform PEM -outform PEM -in node2-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node2-key.pem
- openssl req -new -key node2-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefnode" -out node2.csr
- openssl x509 -req -in node2.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node2.pem -days 1095 -extfile node_cert_ext.cnf
-
- # Client cert
- openssl genrsa -out client-key-temp.pem 2048
- openssl pkcs8 -inform PEM -outform PEM -in client-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out client-key.pem
- openssl req -new -key client-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefclient" -out client.csr
- openssl x509 -req -in client.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out client.pem -days 1095 -extfile client_cert_ext.cnf
+ # Run with OpenSSL version 1.0.2k-fips
+ cat <> root-ca.cnf
+ [req]
+ distinguished_name = req_distinguished_name
+ x509_extensions = v3_ca
+ prompt = no
+
+ [req_distinguished_name]
+ C = US
+ ST = Washington
+ L = Seattle
+ O = Chef Software Inc
+ CN = progress
+
+ [v3_ca]
+ basicConstraints = critical,CA:TRUE
+ keyUsage = critical, keyCertSign, cRLSign
+ EOF
+
+ # Create certificate extension configuration files
+ echo "extendedKeyUsage = clientAuth, serverAuth" > server_cert_ext.cnf
+ echo "subjectAltName = DNS:chefadmin" >> server_cert_ext.cnf
+
+ echo "extendedKeyUsage = clientAuth, serverAuth" > node_cert_ext.cnf
+ echo "subjectAltName = DNS:chefnode" >> node_cert_ext.cnf
+
+ echo "extendedKeyUsage = clientAuth, serverAuth" > client_cert_ext.cnf
+ echo "subjectAltName = DNS:chefclient" >> client_cert_ext.cnf
+
+ # Generate Root CA Key & Certificate
+ openssl genrsa -out root-ca-key.pem 2048
+ openssl req -new -x509 -sha256 -key root-ca-key.pem -out root-ca.pem -days 1095 -config root-ca.cnf
+
+ # Admin Certificate
+ openssl genrsa -out admin-key-temp.pem 2048
+ openssl pkcs8 -inform PEM -outform PEM -in admin-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out admin-key.pem
+ openssl req -new -key admin-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefadmin" -out admin.csr
+ openssl x509 -req -in admin.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out admin.pem -days 1095 -extfile server_cert_ext.cnf
+
+ # Node Certificate 1
+ openssl genrsa -out node1-key-temp.pem 2048
+ openssl pkcs8 -inform PEM -outform PEM -in node1-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node1-key.pem
+ openssl req -new -key node1-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefnode" -out node1.csr
+ openssl x509 -req -in node1.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node1.pem -days 1095 -extfile node_cert_ext.cnf
+
+ # Node Certificate 2
+ openssl genrsa -out node2-key-temp.pem 2048
+ openssl pkcs8 -inform PEM -outform PEM -in node2-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node2-key.pem
+ openssl req -new -key node2-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefnode" -out node2.csr
+ openssl x509 -req -in node2.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node2.pem -days 1095 -extfile node_cert_ext.cnf
+
+ # Node Certificate 3
+ openssl genrsa -out node3-key-temp.pem 2048
+ openssl pkcs8 -inform PEM -outform PEM -in node3-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node3-key.pem
+ openssl req -new -key node3-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefnode" -out node3.csr
+ openssl x509 -req -in node3.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node3.pem -days 1095 -extfile node_cert_ext.cnf
+
+ # Client Certificate
+ openssl genrsa -out client-key-temp.pem 2048
+ openssl pkcs8 -inform PEM -outform PEM -in client-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out client-key.pem
+ openssl req -new -key client-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefclient" -out client.csr
+ openssl x509 -req -in client.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out client.pem -days 1095 -extfile client_cert_ext.cnf
+
 ```
 1. The script generates the certificates at the newly created directory, `rotate-certs` in this case.
diff --git a/_vendor/modules.txt b/_vendor/modules.txt
index 6135d026e9..664287456a 100644
--- a/_vendor/modules.txt
+++ b/_vendor/modules.txt
@@ -1,4 +1,4 @@
-# github.com/chef/automate/components/docs-chef-io v0.0.0-20250515070321-84edd4277ae8
+# github.com/chef/automate/components/docs-chef-io v0.0.0-20250523162809-c04dcb15deda
 # github.com/chef/desktop-config/docs-chef-io v0.0.0-20240814044820-5af667d41a43
 # github.com/habitat-sh/habitat/components/docs-chef-io v0.0.0-20241227173243-de19b906a228
 # github.com/chef/chef-server/docs-chef-io v0.0.0-20250414141619-a0fb7ff68e94
diff --git a/go.mod b/go.mod
index 56940f9d8e..f660415fa6 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/chef/chef-web-docs
 go 1.22
 require (
- github.com/chef/automate/components/docs-chef-io v0.0.0-20250515070321-84edd4277ae8 // indirect
+ github.com/chef/automate/components/docs-chef-io v0.0.0-20250523162809-c04dcb15deda // indirect
 github.com/chef/chef-docs-theme v0.0.0-20250217213320-727f9bce8258 // indirect
 github.com/chef/chef-server/docs-chef-io v0.0.0-20250414141619-a0fb7ff68e94 // indirect
 github.com/chef/chef-workstation/docs-chef-io v0.0.0-20250205062508-ee50345a4044 // indirect
diff --git a/go.sum b/go.sum
index d8acf16fe6..390f61a33c 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@
-github.com/chef/automate/components/docs-chef-io v0.0.0-20250515070321-84edd4277ae8 h1:YDp7WgYZJ0H4aBz4Kq0OpcUNdbi2EnKU6nM8rmdlEQI=
-github.com/chef/automate/components/docs-chef-io v0.0.0-20250515070321-84edd4277ae8/go.mod h1:juvLC7Rt33YOCgJ5nnfl4rWZRAbSwqjTbWmcAoA0LtU=
+github.com/chef/automate/components/docs-chef-io v0.0.0-20250523162809-c04dcb15deda h1:XooPMJHu/R5h4LjMGSWZ77xKaZHqtPPs7a/rDt8RuPc=
+github.com/chef/automate/components/docs-chef-io v0.0.0-20250523162809-c04dcb15deda/go.mod h1:juvLC7Rt33YOCgJ5nnfl4rWZRAbSwqjTbWmcAoA0LtU=
 github.com/chef/chef-docs-theme v0.0.0-20250217213320-727f9bce8258 h1:wpWL3E4Kb6ynNEwilZiKk/clD0g9AjinDB/D+OKeKHU=
 github.com/chef/chef-docs-theme v0.0.0-20250217213320-727f9bce8258/go.mod h1:+Jpnv+LXE6dXu2xDcMzMc0RxRGuCPAoFxq5tJ/X6QpQ=
 github.com/chef/chef-server/docs-chef-io v0.0.0-20250414141619-a0fb7ff68e94 h1:YpF+MQ2CQ0V/sOtGrTCxa+Lpd5J9iR6ADDkrdSMqtw0=