Docs: update to generate passwordless keys by default

but explain how to generate a password-protected private
key if needed.

Most QA environments do not need protected private keys

README.md

@@ -46,8 +46,8 @@ providing the passphrase:
 
 ``` shell
 cd [path to tls-gen repository]/basic
-# pass a password using the PASSWORD variable
-make PASSWORD=bunnies
+# pass a private key password using the PASSWORD variable if needed
+make
 
 ## copy or move files to use hostname-neutral filenames,
 ## this step is optional
@@ -67,8 +67,8 @@ It possible to use [ECC][ecc-intro] for leaf keys:
 
 ``` shell
 cd [path to tls-gen repository]/basic
-# pass a password using the PASSWORD variable
-make PASSWORD=bunnies USE_ECC=true ECC_CURVE="prime256v1"
+# pass a private key password using the PASSWORD variable if needed
+make USE_ECC=true ECC_CURVE="prime256v1"
 # results will be under the ./result directory
 ls -lha ./result
 ```
@@ -85,15 +85,16 @@ To generate a root CA, 2 shared intermediate CAs, client and server key/certific
 the [two_shared_intermediates](./two_shared_intermediates) directory:
 
 ``` shell
-make PASSWORD=bunnies
+# pass a private key password using the PASSWORD variable if needed
+make
 # results will be under the ./result directory
 ls -lha ./result
 ```
 
 It possible to use [ECC][ecc-intro] for intermediate and leaf keys:
 
 ``` shell
-make PASSWORD=bunnies USE_ECC=true ECC_CURVE="prime256v1"
+make USE_ECC=true ECC_CURVE="prime256v1"
 # results will be under the ./result directory
 ls -lha ./result
 ```
@@ -110,15 +111,16 @@ To generate a root CA, 2 intermediate CAs (one for server, one for client), clie
 the [separate_intermediates](./separate_intermediates) directory:
 
 ``` shell
-make PASSWORD=bunnies
+# pass a private key password using the PASSWORD variable if needed
+make
 # results will be under the ./result directory
 ls -lha ./result
 ```
 
 It possible to use [ECC][ecc-intro] for intermediate and leaf keys:
 
 ``` shell
-make PASSWORD=bunnies USE_ECC=true ECC_CURVE="prime256v1"
+make USE_ECC=true ECC_CURVE="prime256v1"
 # results will be under the ./result directory
 ls -lha ./result
 ```
@@ -134,7 +136,8 @@ openssl ecparam -list_curves
 To generate a new set of keys and certificates, use
 
 ``` shell
-make regen PASSWORD=bunnies
+# pass a private key password using the PASSWORD variable if needed
+make regen
 ```
 
 The `regen` target accepts the same variables as `gen` (default target) above.
@@ -154,7 +157,7 @@ By default, certificate's CN ([Common Name](http://tldp.org/HOWTO/Apache-WebDAV-
 It is possible to override CN with a `make` variable:
 
 ``` shell
-make PASSWORD=bunnies CN=secure.mydomain.local
+make CN=secure.mydomain.local
 ```
 
 ### Overriding Certificate Validity Period
@@ -163,7 +166,7 @@ By default certificates will be valid for 3650 days (about 10 years). The period
 can be changed by overriding the `DAYS_OF_VALIDITY` variable
 
 ``` shell
-make PASSWORD=bunnies DAYS_OF_VALIDITY=365
+make DAYS_OF_VALIDITY=365
 ```
 
 ### Generating Expired Certificates
@@ -173,7 +176,7 @@ and peer verification failures. To do so, set the certificate validity in
 days to a negative value:
 
 ``` shell
-make PASSWORD=bunnies DAYS_OF_VALIDITY=-7
+make DAYS_OF_VALIDITY=-7
 ```
 
 ### Overriding Number of Private Key Bits
@@ -182,7 +185,7 @@ It is possible to override the number of private key bits
 with a `make` variable:
 
 ``` shell
-make PASSWORD=bunnies NUMBER_OF_PRIVATE_KEY_BITS=4096
+make NUMBER_OF_PRIVATE_KEY_BITS=4096
 ```
 
 ### Certificate Information

basic/README.md

@@ -9,8 +9,8 @@ and two certificate/key pairs signed by it:
 ## Generating
 
 ```shell
-# pass a password using the PASSWORD env variable
-make PASSWORD=bunnies
+# pass a private key password using the PASSWORD variable if needed
+make
 # results will be under the ./result directory
 ls -lha ./result
 ```
@@ -23,7 +23,7 @@ It possible to use [ECC](https://blog.cloudflare.com/a-relatively-easy-to-unders
 ```shell
 cd [path to tls-gen repository]/basic
 # pass a password using the PASSWORD variable
-make PASSWORD=bunnies USE_ECC=true ECC_CURVE="prime256v1"
+make USE_ECC=true ECC_CURVE="prime256v1"
 # results will be under the ./result directory
 ls -lha ./result
 ```
@@ -39,23 +39,23 @@ openssl ecparam -list_curves
 If you want to generate additional server certificates using the same Root CA, use:
 
 ```shell
-make CN=newname PASSWORD=bunnies gen-server
+make CN=newname gen-server
 ```
 
 ### Generate additional client certificate
 
 If you want to generate additional client certificates using the same Root CA, use:
 
 ```shell
-make CN=newname PASSWORD=bunnies gen-client
+make CN=newname gen-client
 ```
 
 ### Regeneration
 
 To regenerate, use
 
 ```shell
-make PASSWORD=bunnies regen
+make regen
 ```
 
 The `regen` target accepts the same variables as `gen` (default target) above.

separate_intermediates/README.md

@@ -9,42 +9,55 @@ their respective intermediate CAs:
 
 ## Generating
 
-    # pass a password using the PASSWORD env variable
-    make PASSWORD=bunnies
-    # results will be under the ./result directory
-    ls -lha ./result
+``` shell
+# pass a password using the PASSWORD env variable
+make
+# results will be under the ./result directory
+ls -lha ./result
+```
 
 Generated CA certificate as well as client and server certificate and private keys will be
 under the `result` directory.
 
 It possible to use [ECC](https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/) for intermediate and leaf keys:
 
-    make PASSWORD=bunnies USE_ECC=true ECC_CURVE="prime256v1"
-    # results will be under the ./result directory
-    ls -lha ./result
+``` shell
+# pass a private key password using the PASSWORD variable if needed
+make USE_ECC=true ECC_CURVE="prime256v1"
+# results will be under the ./result directory
+ls -lha ./result
+```
 
 The list of available curves can be obtained with
 
-    openssl ecparam -list_curves
+``` shell
+openssl ecparam -list_curves
+```
 
 ### Regeneration
 
 To regenerate, use
 
-    make regen PASSWORD=bunnies
+``` shell
+make regen
+```
 
 The `regen` target accepts the same variables as `gen` (default target) above.
 
 ### Verification
 
 You can verify the generated client and server certificates against the generated CA one with
 
-    make verify
+``` shell
+make verify
+```
 
 ## Certificate Information
 
 To display client and server certificate information, use
 
-    make info
+``` shell
+make info
+```
 
 This assumes the certificates were previously generated.

two_shared_intermediates/README.md

@@ -9,42 +9,56 @@ the 2nd intermediate CA:
 
 ## Generating
 
-    # pass a password using the PASSWORD env variable
-    make PASSWORD=bunnies
-    # results will be under the ./result directory
-    ls -lha ./result
+``` shell
+# pass a password using the PASSWORD env variable
+make
+# results will be under the ./result directory
+ls -lha ./result
+```
 
 Generated CA certificate as well as client and server certificate and private keys will be
 under the `result` directory.
 
 It possible to use [ECC][ecc-intro] for intermediate and leaf keys:
 
-    make PASSWORD=bunnies USE_ECC=true ECC_CURVE="prime256v1"
-    # results will be under the ./result directory
-    ls -lha ./result
+```
+# pass a private key password using the PASSWORD variable if needed
+make USE_ECC=true ECC_CURVE="prime256v1"
+# results will be under the ./result directory
+ls -lha ./result
+```
 
 The list of available curves can be obtained with
 
-    openssl ecparam -list_curves
+``` shell
+openssl ecparam -list_curves
+```
 
 ### Regeneration
 
 To regenerate, use
 
-    make regen PASSWORD=bunnies
+``` shell
+# pass a private key password using the PASSWORD variable if needed
+make regen
+```
 
 The `regen` target accepts the same variables as `gen` (default target) above.
 
 ### Verification
 
 You can verify the generated client and server certificates against the generated CA one with
 
-    make verify
+``` shell
+make verify
+```
 
 ## Certificate Information
 
 To display client and server certificate information, use
 
-    make info
+``` shell
+make info
+```
 
 This assumes the certificates were previously generated.