From cc13eb8b083e2fdeb433c59dba18a09c6f6fd61a Mon Sep 17 00:00:00 2001 From: Paul Schwarzenberger Date: Thu, 22 Feb 2024 19:32:51 +0000 Subject: [PATCH] Documentation updates --- .gitignore | 13 +++++++++++++ README.md | 43 +++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 54 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index e65f274..8755963 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,16 @@ terraform.rc # Ignore module directory terraform-aws-ca/ + +# Ignore .DS_Store files +.DS_Store + +# Ignore .idea directory +.idea/ + +# Ignore .vscode directory +.vscode/ + +# Python +.venv/ +__pycache__ \ No newline at end of file diff --git a/README.md b/README.md index a1dbc4a..3d433a6 100644 --- a/README.md +++ b/README.md 
@@ -1,11 +1,50 @@ # cloud-ca Cloud CA demonstration built using AWS CA Terraform Module -## ECDSA Certificate Authority with private CRL +## CA Overview +* ECDSA Issuing and Root CA +* Public certs and CRL +* Environment: `dev` + +## CA Certificates and CRLs + +### CRL Distribution Point (CDP) + +| CDP - Root CA | CDP - Issuing CA | +:------------:|:------------:| +| http://certs.cloud-ca.com/serverless-root-ca-dev.crl | http://certs.cloud-ca.com/serverless-issuing-ca-dev.crl | + +### Authority Information Access (AIA) + +| AIA - Root CA | AIA - Issuing CA | +|:------------:|:------------:| +| http://certs.cloud-ca.com/serverless-root-ca-dev.crt | http://certs.cloud-ca.com/serverless-issuing-ca-dev.crt | + +### CA Bundle (for TrustStore) + +| CA Bundle | +|:--------------------------------------------------------------------------------------------:| +| http://certs.cloud-ca.com/serverless-ca-bundle-dev.pem | + + +## Create client certificate +* log in to the CA AWS account with your terminal using AWS CLI, e.g. `aws sso login` or set AWS environment variables +* from the root of this repository: +``` +python -m venv .venv +source .venv/bin/activate (Linux / MacOS) +.venv/scripts/activate (Windows PowerShell) +pip install -r tests/requirements-dev.txt +python tests/client-cert.py +``` +* you will now have a client key and certificate on your laptop +* bundled Root CA and Issuing CA certs are also provided + + ## Local Development - Terraform ``` terraform init -backend-config=bucket={YOUR_TERRAFORM_STATE_BUCKET} -backend-config=key=cloud-ca -backend-config=region={YOUR_TERRAFORM_STATE_REGION} terraform plan terraform apply -``` \ No newline at end of file +```
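Review bot: in the `.gitignore` hunk, the new entries cover editor and Python artefacts but nothing for key material, while the README change in this same patch says that running `python tests/client-cert.py` from the repository root leaves a client key and certificate on the laptop. If the script writes those files inside the working tree, add ignore patterns for them (for example `*.key` and `*.pem`, adjusted to the script's actual output names) so that a private key cannot be committed by accident. The file also ends without a trailing newline after `__pycache__`; add one.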
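Review bot: in the `README.md` hunk, the "CA Bundle (for TrustStore)" table offers the bundle only as a plain `http://` URL, so a reader populating a trust store from it cannot tell whether the download was altered in transit. CRLs are signed and AIA certificates are checked against an existing anchor, but the bundle is the anchor itself. Suggest publishing the Root CA certificate's SHA-256 fingerprint in the README, or serving the bundle over HTTPS, and telling readers to verify it before import. Two smaller points: the CDP table's separator row `:------------:|:------------:|` lacks the leading `|` that the AIA table's separator has, and the `(Linux / MacOS)` and `(Windows PowerShell)` annotations sit inside the code fence on the same lines as the commands, so a pasted line carries them along; move them into comments or separate list items.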