[rs-commit] r136 - in /rs-manual/trunk/src/site: resources/images/mod_ca-backend.png resources/images/mod_ca-frontend.png xhtml5/mod/mod_ca.xhtml5
rs-commit at redwax.eu
Sun Nov 3 01:10:15 CET 2019
Author: minfrin at redwax.eu
Date: Sun Nov 3 01:10:13 2019
New Revision: 136
Log:
Add documentation for front end backend modules.
Added:
rs-manual/trunk/src/site/resources/images/mod_ca-backend.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca-frontend.png (with props)
Modified:
rs-manual/trunk/src/site/xhtml5/mod/mod_ca.xhtml5
Added: rs-manual/trunk/src/site/resources/images/mod_ca-backend.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca-backend.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca-frontend.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca-frontend.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: rs-manual/trunk/src/site/xhtml5/mod/mod_ca.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod/mod_ca.xhtml5 (original)
+++ rs-manual/trunk/src/site/xhtml5/mod/mod_ca.xhtml5 Sun Nov 3 01:10:13 2019
@@ -8,7 +8,7 @@
</head>
<body>
- <section class="spotlight style2 orient-right content-align-left image-position-left">
+ <section class="spotlight style2 orient-right content-align-left image-position-left" id="introduction">
<div class="content null">
<h2>Core Module</h2>
<p>This module provides the hooks that tie frontend and backend
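Review bot: the id="introduction" added to the spotlight section here is the same id that the second hunk removes from the "What does it do?" wrapper, so existing links to mod_ca.html#introduction will now land on the "Core Module" banner instead of the explanatory text. If that move is intended, say so in the log message. Otherwise keep the id on the "What does it do?" section and give the spotlight a different one.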
@@ -19,347 +19,414 @@
</div>
</section>
- <div class="none">
-
- <section class="wrapper style1 align-center"
- id="introduction">
- <div class="inner">
-
- <div class="index align-left">
-
- <section>
- <header>
- <h3>What does it do?</h3>
- </header>
- <div class="content">
-
- <p>This module provides a set of hooks that allow different hook
- implementations to be plugged as required to build up a working
- certificate authority.
- </p>
-
- <p>
- Each hook implementation is a piece of a puzzle, the pieces of which
- can be swapped out to meet the exact needs of a given certificate
- authority. Only the hook implementations needed to meet a specific
- objective need be deployed, and the configuration can be hardened
- down to only those implementations required.
- </p>
-
- </div>
- </section>
-
- </div>
- </div>
- </section>
-
- <section class="wrapper style1 align-center"
- id="hook-reference">
- <div class="inner">
- <h2>Hook Reference</h2>
- <p>
- The following hooks are provided by this module.
- </p>
- <div class="index align-left">
-
- <section id="ca_sign">
- <header>
- <h3><a href="mod_ca.html#ca_sign">Sign Request</a></h3>
- </header>
- <div class="content">
-
- <p>
- <img class="image right" src="../images/mod_ca-ca_sign.png" />
- Signs the certificate sign request.
- </p>
-
- <p>
- This hook receives a certificate sign request, and has the option
- to the process the certificate sign request immediately and return
- a signed certificate, or set aside the certificate sign request for
- later processing, and return confirmation that the certificate sign
- request was accepted.
- </p>
-
- <p>
- This hook is typically mandatory, in that if a hook implementation
- is not supplied, the request will fail.
- </p>
-
- <p>
- This hook will stop when the first configured implementation has handled
- the request.
- <p>
-
- </div>
- </section>
-
- <section id="ca_getca">
- <header>
- <h3><a href="mod_ca.html#ca_getca">Get Certificate Authority</a></h3>
- </header>
- <div class="content">
-
- <p>
- <img class="image right" src="../images/mod_ca-ca_getca.png" />
- Returns the certificate authority certificate used to sign the request.
- </p>
-
- <p>
- This is the last certificate in the certificate chain, and is usually
- the root certificate.
- </p>
-
- <p>
- This hook will stop when the first configured implementation has handled
- the request.
- <p>
-
- </div>
- </section>
-
- <section id="ca_getnextca">
- <header>
- <h3><a href="mod_ca.html#ca_getnextca">Get Next Certificate Authority</a></h3>
- </header>
- <div class="content">
-
- <p>
- <img class="image right" src="../images/mod_ca-ca_getnextca.png" />
- Returns the next certificate authority certificate that will be used to sign
- future requests.
- </p>
-
- <p>
- For protocols that support certificate rollover, the next certificate
- authority certificate is provided by this hook on request.
- </p>
-
- <p>
- This hook will stop when the first configured implementation has handled
- the request.
- <p>
-
- </div>
- </section>
-
- <section id="ca_getchain">
- <header>
- <h3><a href="mod_ca.html#ca_getchain">Get Chain</a></h3>
- </header>
- <div class="content">
-
- <p>
- <img class="image right" src="../images/mod_ca-ca_getchain.png" />
- Returns the chain of certificates used to sign the request.
- </p>
-
- <p>
- The certificate chain consists of all certificates apart from
- the last certificate specified in the file.
- </p>
-
- <p>
- This hook will stop when the first configured implementation has handled
- the request.
- <p>
-
- </div>
- </section>
-
- <section id="ca_makeserial">
- <header>
- <h3><a href="mod_ca.html#ca_makeserial">Make Serial</a></h3>
- </header>
- <div class="content">
-
- <p>
- <img class="image right" src="../images/mod_ca-ca_makeserial.png" />
- Returns the serial number to be used while signing a certificate
- sign request.
- </p>
-
- <p>
- Hook implementations that issue a certificate immediately will typically
- use this hook to provide the serial number to the signing process.
- Alternatively, hook implementations that save the certificate sign
- request for later processing, or that pass the certificate sign
- request to external systems will rely on those external systems to
- handle the serial number.
- </p>
-
- <p>
- This hook will stop when the first configured implementation has handled
- the request.
- <p>
-
- </div>
- </section>
-
- <section id="ca_makekey">
- <header>
- <h3><a href="mod_ca.html#ca_makekey">Make Key</a></h3>
- </header>
- <div class="content">
-
- <p>
- <img class="image right" src="../images/mod_ca-ca_makekey.png" />
- Returns a generated public/private key pair.
- </p>
-
- <p>
- Protocols that require that the public/private key pair be
- generated by the certificate authority will call this hook.
- </p>
-
- <p>
- This hook will stop when the first configured implementation has handled
- the request.
- <p>
-
- </div>
- </section>
-
- <section id="ca_gettime">
- <header>
- <h3><a href="mod_ca.html#ca_gettime">Get Time</a></h3>
- </header>
- <div class="content">
-
- <p>
- <img class="image right" src="../images/mod_ca-ca_gettime.png" />
- Returns the time to be used for a given signature.
- </p>
-
- <p>
- This hook is called when a protocol needs to know the time to
- sign a certificate sign request, or when responding to a timestamp
- request.
- </p>
-
- <p>
- Hook implementations might source the time from the system, or
- might source the time from dedicated hardware for this purpose.
- </p>
-
- <p>
- This hook will stop when the first configured implementation has handled
- the request.
- <p>
-
- </div>
- </section>
-
- <section id="ca_reqauthz">
- <header>
- <h3>
- <a href="mod_ca.html#ca_reqauthz">Request Authorization</a>
- </h3>
- </header>
- <div class="content">
-
- <p>
- <img class="image right" src="../images/mod_ca-ca_reqauthz.png" />
- Verify the parameters
- included with the certificate sign request, such as the
- challenge password.
- </p>
-
- <p>
- This hook is optional, in that if a hook implementation
- is not supplied, the request will succeed.
- </p>
-
- <p>
- This hook will stop when the first configured implementation has handled
- the request.
- <p>
-
- </div>
- </section>
-
- <section id="ca_certstore">
- <header>
- <h3>
- <a href="mod_ca.html#ca_certstore">Certificate Storage</a>
- </h3>
- </header>
- <div class="content">
-
- <p>
- <img class="image right" src="../images/mod_ca-ca_certstore.png" />
- Store the newly generated certificate to locally or in a database
- or directory.
- </p>
-
- <p>
- This hook is optional, in that if a hook implementation
- is not supplied, the request will succeed.
- </p>
-
- <p>
- This hook will stop when the first configured implementation has handled
- the request.
- <p>
-
- </div>
- </section>
-
- <section id="ca_getcrl">
- <header>
- <h3>Get Certificate Revocation List</h3>
- </header>
- <div class="content">
-
- <p>
- <img class="image right" src="../images/mod_ca-ca_getcrl.png" />
- Returns the certificate revocation list.
- </p>
-
- <p>
- The certificate revocation list might be stored on disk or in a
- directory, or the certificate revocation list might be generated
- on the fly.
- </p>
-
- <p>
- This hook will stop when the first configured implementation has handled
- the request.
- <p>
-
- </div>
- </section>
-
- <section id="ca_getcertstatus">
- <header>
- <h3>Get Certificate Status</h3>
- </header>
- <div class="content">
-
- <p>
- <img class="image right" src="../images/mod_ca-ca_getcertstatus.png" />
- Return the status of a specific certificate from
- the certificate revocation list.
- </p>
-
- <p>
- This hook is used for protocols where the status of a single certificate
- can be queried.
- </p>
-
- <p>
- This hook will stop when all the configured implementations have handled
- the request.
- <p>
-
- </div>
- </section>
-
- </div>
- </div>
- </section>
-
- </div>
+ <section class="wrapper style1 align-center inner"
+ id="types">
+ <div class="content index align-left">
+
+ <section>
+ <header>
+ <h3>What does it do?</h3>
+ </header>
+ <div class="content">
+
+ <p>This module provides a set of hooks that allow different hook
+ implementations to be plugged as required to build up a working
+ certificate authority.
+ </p>
+
+ <p>
+ Each hook implementation is a piece of a puzzle, the pieces of which
+ can be swapped out to meet the exact needs of a given certificate
+ authority. Only the hook implementations needed to meet a specific
+ objective need be deployed, and the configuration can be hardened
+ down to only those implementations required.
+ </p>
+
+ </div>
+ </section>
+
+ </div>
+ </section>
+
+ <section class="wrapper style1 align-center inner"
+ id="types">
+ <header>
+ <h2>Frontend and Backend Modules</h2>
+ <p>
+ Redwax Server modules come in two different types. To create a working
+ certificate authority, you need at least one frontend module, and at
+ least one backend module.
+ </p>
+ </header>
+ <div class="content index align-left">
+
+ <section id="frontend">
+ <header>
+ <h3>Frontend Modules</h3>
+ </header>
+ <div class="content">
+
+ <p>
+ Modules that implement specific web based protocols like SCEP or OCSP
+ are termed <code>frontend modules</code> and hook themselves into the
+ Apache httpd <code>request hook</code>.
+ </p>
+
+ <p>
+ At key points in the protocol, like signing a certificate sign request,
+ or returning the time, the <code>frontend modules</code> call hooks to plug
+ in the desired implementations to perform each step.
+ </p>
+
+ <p>
+ These hook implementations are provided in <code>backend modules</code>.
+ </p>
+
+ <p>
+ <img src="../images/mod_ca-frontend.png" style="width: 100%;" />
+ </p>
+
+ </div>
+ </section>
+
+ <section id="backend">
+ <header>
+ <h3>Backend Modules</h3>
+ </header>
+ <div class="content">
+
+ <p>
+ Modules that implement low level functions like signing a certificate sign
+ request or returning the time are termed <code>backend modules</code> and
+ hook themselves into <code>frontend modules</code>. Some
+ <code>backend modules</code> may choose to hook in other
+ <code>backend modules</code> depending on the application.
+ </p>
+
+ <p>
+ To build a certificate authority, combine <code>frontend modules</code>
+ with suitably configured <code>backend modules</code> to meet the objectives
+ needed.
+ </p>
+
+ <p>
+ <img src="../images/mod_ca-backend.png" style="width: 100%;" />
+ </p>
+
+ </div>
+ </section>
+
+ </div>
+ </section>
+
+ <section class="wrapper style1 align-center inner"
+ id="types">
+ <header>
+ <h2>Hook Reference</h2>
+ <p>
+ Frontend and backend modules are linked to one another using hooks. The
+ following hooks are provided by this module.
+ </p>
+ </header>
+ <div class="content index align-left">
+
+ <section id="ca_sign">
+ <header>
+ <h3><a href="mod_ca.html#ca_sign">Sign Request</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_sign.png" />
+ Signs the certificate sign request.
+ </p>
+
+ <p>
+ This hook receives a certificate sign request, and has the option
+ to the process the certificate sign request immediately and return
+ a signed certificate, or set aside the certificate sign request for
+ later processing, and return confirmation that the certificate sign
+ request was accepted.
+ </p>
+
+ <p>
+ This hook is typically mandatory, in that if a hook implementation
+ is not supplied, the request will fail.
+ </p>
+
+ <p>
+ This hook will stop when the first configured implementation has handled
+ the request.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_getca">
+ <header>
+ <h3><a href="mod_ca.html#ca_getca">Get Certificate Authority</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_getca.png" />
+ Returns the certificate authority certificate used to sign the request.
+ </p>
+
+ <p>
+ This is the last certificate in the certificate chain, and is usually
+ the root certificate.
+ </p>
+
+ <p>
+ This hook will stop when the first configured implementation has handled
+ the request.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_getnextca">
+ <header>
+ <h3><a href="mod_ca.html#ca_getnextca">Get Next Certificate Authority</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_getnextca.png" />
+ Returns the next certificate authority certificate that will be used to sign
+ future requests.
+ </p>
+
+ <p>
+ For protocols that support certificate rollover, the next certificate
+ authority certificate is provided by this hook on request.
+ </p>
+
+ <p>
+ This hook will stop when the first configured implementation has handled
+ the request.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_getchain">
+ <header>
+ <h3><a href="mod_ca.html#ca_getchain">Get Chain</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_getchain.png" />
+ Returns the chain of certificates used to sign the request.
+ </p>
+
+ <p>
+ The certificate chain consists of all certificates apart from
+ the last certificate specified in the file.
+ </p>
+
+ <p>
+ This hook will stop when the first configured implementation has handled
+ the request.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_makeserial">
+ <header>
+ <h3><a href="mod_ca.html#ca_makeserial">Make Serial</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_makeserial.png" />
+ Returns the serial number to be used while signing a certificate
+ sign request.
+ </p>
+
+ <p>
+ Hook implementations that issue a certificate immediately will typically
+ use this hook to provide the serial number to the signing process.
+ Alternatively, hook implementations that save the certificate sign
+ request for later processing, or that pass the certificate sign
+ request to external systems will rely on those external systems to
+ handle the serial number.
+ </p>
+
+ <p>
+ This hook will stop when the first configured implementation has handled
+ the request.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_makekey">
+ <header>
+ <h3><a href="mod_ca.html#ca_makekey">Make Key</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_makekey.png" />
+ Returns a generated public/private key pair.
+ </p>
+
+ <p>
+ Protocols that require that the public/private key pair be
+ generated by the certificate authority will call this hook.
+ </p>
+
+ <p>
+ This hook will stop when the first configured implementation has handled
+ the request.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_gettime">
+ <header>
+ <h3><a href="mod_ca.html#ca_gettime">Get Time</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_gettime.png" />
+ Returns the time to be used for a given signature.
+ </p>
+
+ <p>
+ This hook is called when a protocol needs to know the time to
+ sign a certificate sign request, or when responding to a timestamp
+ request.
+ </p>
+
+ <p>
+ Hook implementations might source the time from the system, or
+ might source the time from dedicated hardware for this purpose.
+ </p>
+
+ <p>
+ This hook will stop when the first configured implementation has handled
+ the request.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_reqauthz">
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_reqauthz">Request Authorization</a>
+ </h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_reqauthz.png" />
+ Verify the parameters
+ included with the certificate sign request, such as the
+ challenge password.
+ </p>
+
+ <p>
+ This hook is optional, in that if a hook implementation
+ is not supplied, the request will succeed.
+ </p>
+
+ <p>
+ This hook will stop when the first configured implementation has handled
+ the request.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_certstore">
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_certstore">Certificate Storage</a>
+ </h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_certstore.png" />
+ Store the newly generated certificate to locally or in a database
+ or directory.
+ </p>
+
+ <p>
+ This hook is optional, in that if a hook implementation
+ is not supplied, the request will succeed.
+ </p>
+
+ <p>
+ This hook will stop when the first configured implementation has handled
+ the request.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_getcrl">
+ <header>
+ <h3>Get Certificate Revocation List</h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_getcrl.png" />
+ Returns the certificate revocation list.
+ </p>
+
+ <p>
+ The certificate revocation list might be stored on disk or in a
+ directory, or the certificate revocation list might be generated
+ on the fly.
+ </p>
+
+ <p>
+ This hook will stop when the first configured implementation has handled
+ the request.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_getcertstatus">
+ <header>
+ <h3>Get Certificate Status</h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_getcertstatus.png" />
+ Return the status of a specific certificate from
+ the certificate revocation list.
+ </p>
+
+ <p>
+ This hook is used for protocols where the status of a single certificate
+ can be queried.
+ </p>
+
+ <p>
+ This hook will stop when all the configured implementations have handled
+ the request.
+ </p>
+
+ </div>
+ </section>
+
+ </div>
+
+ </section>
+
</body>
</html>
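Review bot: all three new wrapper sections ("What does it do?", "Frontend and Backend Modules", "Hook Reference") are opened with id="types", so the document carries the same id three times. Ids must be unique, and a link to #types will only ever reach the first section, which is not the one that describes module types. Give each wrapper its own id, and consider restoring id="hook-reference" on the Hook Reference section, since the removed lines show that anchor existed before and external links to it will now break. Two smaller points in the re-added text: the typos "has the option to the process the certificate sign request" (ca_sign) and "Store the newly generated certificate to locally" (ca_certstore) are carried over unchanged and could be fixed while the block is being rewritten, and the ca_getcrl and ca_getcertstatus headings still lack the self-link that every other hook heading has.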