Starts authentication book for Quay (#1072)

Co-authored-by: Steven Smith <stevsmit@stevsmit-thinkpadt14gen4.remote.csb>

Author: stevsmit

deploy_quay/master.adoc

@@ -47,7 +47,7 @@ include::modules/advanced-quay-poc-deployment.adoc[leveloffset=+1]
 include::modules/ssl-intro.adoc[leveloffset=+2]
 include::modules/ssl-create-certs.adoc[leveloffset=+3]
 include::modules/configuring-ssl-tls.adoc[leveloffset=+2]
-include::modules/ssl-config-ui.adoc[leveloffset=+3]
+//include::modules/ssl-config-ui.adoc[leveloffset=+3]
 include::modules/ssl-config-cli.adoc[leveloffset=+3]
 include::modules/testing-ssl-tls-configuration.adoc[leveloffset=+2]
 include::modules/ssl-testing-cli.adoc[leveloffset=+3]

modules/configuring-ssl-tls.adoc

@@ -2,4 +2,4 @@
 [id="configuring-ssl-tls"]
 = Configuring SSL/TLS
 
-SSL/TLS can be configured using either the command-line interface (CLI) or the {productname} registry UI. Use one of the following procedures to configure SSL/TLS.
+SSL/TLS must be configured by using the command-line interface (CLI) and updating your `config.yaml` file manually.

modules/ssl-create-certs.adoc

@@ -2,7 +2,7 @@
 [id="creating-a-certificate-authority"]
 = Creating a Certificate Authority
 
-Use the following procedure to create a Certificate Authority (CA).
+To configure {productname} with a self-signed certificate, you must first create a Certificate Authority (CA). Use the following procedure to create a Certificate Authority (CA).
 
 .Procedure
 
@@ -63,6 +63,7 @@ Locality Name (eg, city) [Default City]:GALWAY
 Organization Name (eg, company) [Default Company Ltd]:QUAY
 Organizational Unit Name (eg, section) []:DOCS
 Common Name (eg, your name or your server's hostname) []:quay-server.example.com
+Email Address []:
 ----
 
 . Create a configuration file `openssl.cnf`, specifying the server hostname, for example:

modules/ssl-intro.adoc

@@ -1,9 +1,4 @@
 [id="introduction-using-ssl"]
 = Using SSL/TLS
 
-To configure {productname} with a self-signed certificate, you must create a Certificate Authority (CA) and a primary key file named `ssl.cert` and `ssl.key`.
-
-[NOTE]
-====
-The following examples assume that you have configured the server hostname `quay-server.example.com` using DNS or another naming mechanism, such as adding an entry in your `/etc/hosts` file. For more information, see "Configuring port mapping for {productname}".
-====
+To configure {productname} with a self-signed certificate, you must create a Certificate Authority (CA) and a primary key file named `ssl.cert` and `ssl.key`.

modules/ssl-testing-cli.adoc

@@ -2,18 +2,20 @@
 [id="testing-ssl-tls-configuration-using-cli"]
 = Testing the SSL/TLS configuration using the CLI
 
+Your SSL/TLS configuration can be tested by using the command-line interface (CLI). Use the following procedure to test your SSL/TLS configuration.
+
 Use the following procedure to test your SSL/TLS configuration using the CLI.
 
 .Procedure 
 
-* Enter the following command to attempt to log in to the {productname} registry with SSL/TLS enabled:
+. Enter the following command to attempt to log in to the {productname} registry with SSL/TLS enabled:
 +
 [source,terminal]
 ----
 $ sudo podman login quay-server.example.com
 ----
 +
-Example output
+.Example output
 +
 [source,terminal]
 ----

modules/testing-ssl-tls-configuration.adoc

@@ -2,4 +2,4 @@
 [id="testing-ssl-tls-configuration"]
 = Testing the SSL/TLS configuration
 
-Your SSL/TLS configuration can be tested using either the command-line interface (CLI) or the {productname} registry UI. Use one of the following procedures to test your SSL/TLS configuration.
+Your SSL/TLS configuration can be tested by using the command-line interface (CLI). Use the following procedure to test your SSL/TLS configuration.

tls_config/docinfo.xml

@@ -0,0 +1,10 @@
+<productname>{productname}</productname>
+<productnumber>{producty}</productnumber>
+<subtitle>Configuring SSL/TLS for {productname}</subtitle>
+<abstract>
+    <para>Using SSL/TLS with {productname}</para>
+</abstract>
+<authorgroup>
+    <orgname>Red Hat OpenShift Documentation Team</orgname>
+</authorgroup>
+<xi:include href="Common_Content/Legal_Notice.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />

tls_config/master.adoc

@@ -0,0 +1,20 @@
+include::modules/attributes.adoc[]
+
+:_content-type: ASSEMBLY
+[id="understanding-ssl-tls-quay"]
+= SSL/TLS for {productname}
+
+The Secure Sockets Layer (SSL) protocol was originally developed by Netscape Corporation to provide a mechanism for secure communication over the Internet. Subsequently, the protocol was adopted by the Internet Engineering Task Force (IETF) and renamed to Transport Layer Security (TLS).
+
+TLS (Transport Layer Security) is a cryptographic protocol used to secure network communications. When hardening system security settings by configuring preferred key-exchange protocols, authentication methods, and encryption algorithms, it is necessary to bear in mind that the broader the range of supported clients, the lower the resulting security. Conversely, strict security settings lead to limited compatibility with clients, which can result in some users being locked out of the system. Be sure to target the strictest available configuration and only relax it when it is required for compatibility reasons.
+
+{productname} can be configured to use SSL/TLS certificates to ensure secure communication between clients and the Quay server. This configuration involves the use of valid SSL/TLS certificates, which can be obtained from a trusted Certificate Authority (CA) or generated as self-signed certificates for internal use.
+
+The following sections show you how to enable SSL/TLS for {productname} by generating CAs, configuring SSL/TLS, testing the configuration, configuring Podman to trust the CA, and configuring the system to trust the CA. They should be followed in succession.
+
+include::modules/ssl-create-certs.adoc[leveloffset=+1]
+include::modules/configuring-ssl-tls.adoc[leveloffset=+2]
+include::modules/ssl-config-cli.adoc[leveloffset=+3]
+include::modules/ssl-testing-cli.adoc[leveloffset=+3]
+include::modules/ssl-trust-ca-podman.adoc[leveloffset=+2]
+include::modules/ssl-trust-ca-system.adoc[leveloffset=+2]

tls_config/modules

@@ -0,0 +1 @@
+../modules/