[rs-commit] r90 - in /rs-manual/trunk/src: main/modules.xml site/resources/images/mod_ca_simple-1.png site/resources/images/mod_ca_simple-2.png site/resources/images/mod_ca_simple-3.png site/xhtml5/mod/mod_ca_simple.xhtml5

rs-commit at redwax.eu rs-commit at redwax.eu
Wed Oct 16 00:34:38 CEST 2019


Author: minfrin at redwax.eu
Date: Wed Oct 16 00:34:38 2019
New Revision: 90

Log:
Add docs for mod_ca_simple.

Added:
    rs-manual/trunk/src/site/resources/images/mod_ca_simple-1.png   (with props)
    rs-manual/trunk/src/site/resources/images/mod_ca_simple-2.png   (with props)
    rs-manual/trunk/src/site/resources/images/mod_ca_simple-3.png   (with props)
    rs-manual/trunk/src/site/xhtml5/mod/mod_ca_simple.xhtml5
Modified:
    rs-manual/trunk/src/main/modules.xml

Modified: rs-manual/trunk/src/main/modules.xml
==============================================================================
--- rs-manual/trunk/src/main/modules.xml	(original)
+++ rs-manual/trunk/src/main/modules.xml	Wed Oct 16 00:34:38 2019
@@ -9,4 +9,5 @@
   <module type="backend">mod_ca</module>
   <module type="backend">mod_ca_crl</module>
   <module type="backend">mod_ca_disk</module>
+  <module type="backend">mod_ca_simple</module>
 </modules>
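
Review bot: the context lines here go straight from mod_ca_disk to the new mod_ca_simple entry with no mod_ca_engine entry between them, yet the page added in this same commit links to mod_ca_engine.html#ca_getchain and mod_ca_engine.html#ca_makeserial. Please confirm mod_ca_engine is registered elsewhere in modules.xml, or add it, so the generated manual does not ship with dangling links.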

Added: rs-manual/trunk/src/site/resources/images/mod_ca_simple-1.png
==============================================================================
Binary file - no diff available.

Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_simple-1.png
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: rs-manual/trunk/src/site/resources/images/mod_ca_simple-2.png
==============================================================================
Binary file - no diff available.

Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_simple-2.png
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: rs-manual/trunk/src/site/resources/images/mod_ca_simple-3.png
==============================================================================
Binary file - no diff available.

Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_simple-3.png
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream
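
Review bot: all three Propchange blocks set svn:mime-type = application/octet-stream on files named *.png; this should be image/png. With octet-stream the images are treated as opaque binaries by repository browsers and may be served with a download content type rather than rendered. Setting the property explicitly on mod_ca_simple-1.png, -2.png and -3.png (or adding an auto-props rule for *.png) would fix it.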

Added: rs-manual/trunk/src/site/xhtml5/mod/mod_ca_simple.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod/mod_ca_simple.xhtml5	(added)
+++ rs-manual/trunk/src/site/xhtml5/mod/mod_ca_simple.xhtml5	Wed Oct 16 00:34:38 2019
@@ -0,0 +1,984 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
+  <head>
+    <title>mod_ca_simple Module</title>
+    <meta name="description" content="Sign certificates using certificates and keys on disk, generate random serial numbers, return the system time." />
+    <meta name="mod-ca-type" content="backend" />
+  </head>
+  <body>
+    <div class="index align-left">
+
+      <section class="wrapper style1 align-center"
+        id="introduction">
+        <div class="inner">
+          <h2>Simple Backend Module</h2>
+          <p>Sign certificates using certificates and keys on disk, generate random serial numbers, return the system time.</p>
+
+          <div class="index align-left">
+
+            <section>
+              <header>
+                <h3>What does it do?</h3>
+              </header>
+              <div class="content">
+
+                <p>This module provides a basic set of signing functions that can be
+                  used to sign certificate sign requests.
+                </p>
+
+                <p>
+                  Based on the configuration of paths and files, this module
+                  performs basic signing of an incoming certificate sign request using
+                  a certificate and key stored on disk.
+                </p>
+                  
+                <p>In addition, this module can generate a random serial number and the
+                  system time to be used when signing a certificate.
+                </p>
+                
+                <p>The serial number can optionally be extracted from the subject of the
+                  certificate, when there is a requirement that certificates within a
+                  certificate authority are never reissued.
+                </p>
+
+              </div>
+            </section>
+
+
+          </div>
+        </div>
+      </section>
+
+
+
+      <section class="wrapper style1 align-center" id="integration">
+        <div class="inner">
+          <h2>Module Integration</h2>
+          <p>
+            The
+            <code>mod_ca_simple</code>
+            module is a
+            <a href="mod_ca.html#backend">backend module</a>
+            and will not do anything useful until
+            <code>mod_ca_simple</code>
+            has been combined with one or
+            more
+            <a href="mod_ca.html#frontend">frontend modules</a>
+            and optional <a href="mod_ca.html#backend">backend modules</a> listed below. The
+            <code>mod_ca_simple</code>
+            module provides the following hooks, and suitable
+            <a href="mod_ca.html#frontend">frontend modules</a>
+            must be configured to implement each protocol as needed.
+          </p>
+
+          <p>
+            All <a href="mod_ca.html#backend">backend modules</a> run within
+            a standard Apache httpd request, and standard httpd functionality
+            applies in all cases.
+          </p>
+
+          <div>
+            <img src="../images/mod_ca_simple-1.png" style="width: 100%;" />
+          </div>
+
+          <div class="index align-left">
+
+            <section>
+              <header>
+                <h3>
+                  <a href="mod_ca.html#ca_sign">Sign Request Hook</a>
+                </h3>
+              </header>
+              <div class="content">
+                <p>When this hook is triggered, this module signs the certificate sign
+                  request using a certificate and key on the local disk.</p>
+                <p>Both the <a href="#CASimpleCertificate">CASimpleCertificate</a>
+                  directive and the <a href="#CASimpleKey">CASimpleKey</a>
+                  directive enables the <a href="mod_ca.html#ca_sign">Sign Request Hook</a>
+                  in <a href="mod_ca_simple.html">mod_ca_simple</a>.</p>
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>
+                        <a href="mod_csr.html">mod_csr</a>
+                      </td>
+                      <td>Generate and issue certificates in response to an X509
+                        certificate request.</td>
+                    </tr>
+                    <tr>
+                      <td>
+                        <a href="mod_pkcs12.html">mod_pkcs12</a>
+                      </td>
+                      <td>Generate public/private key pairs and and issue certificates in response
+                        to a application/x-www-form-urlencoded form request.</td>
+                    </tr>
+                    <tr>
+                      <td>
+                        <a href="mod_scep.html">mod_scep</a>
+                      </td>
+                      <td>Generate and issue certificates using the SCEP protocol.</td>
+                    </tr>
+                    <tr>
+                      <td>
+                        <a href="mod_spkac.html">mod_spkac</a>
+                      </td>
+                      <td>Generate and issue certificates using the SPKAC protocol.</td>
+                    </tr>
+                  </tbody>
+                </table>
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>
+                  <a href="mod_ca.html#ca_getchain">Get Chain Hook</a>
+                </h3>
+              </header>
+              <div class="content">
+                <p>When this hook is triggered, this module returns the intermediate certificate
+                  chain used to sign certificate sign requests, if any and present.</p>
+                <p>The <a href="#CASimpleCertificate">CASimpleCertificate</a>
+                  directive enables the <a href="mod_ca.html#ca_getchain">Get Chain Hook</a>
+                  in <a href="mod_ca_simple.html">mod_ca_simple</a>.</p>
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>
+                        <a href="mod_ca_disk.html#ca_getchain">mod_ca_disk</a>
+                      </td>
+                      <td>This hook returns the certificate chain, to be saved to disk
+                        by the <a href="mod_ca_disk.html#ca_getchain">mod_ca_disk</a> module.
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>
+                        <a href="mod_ca_engine.html#ca_getchain">mod_ca_engine</a>
+                      </td>
+                      <td>This hook returns the certificate chain of a certificate provided by
+                        an OpenSSL provided crypto engine such as a smartcard.</td>
+                    </tr>
+                    <tr>
+                      <td>
+                        <a href="mod_ca_simple.html#ca_sign">mod_ca_simple</a>
+                      </td>
+                      <td>This hook returns the certificate chain of a certificate provided by
+                        a file on disk.</td>
+                    </tr>
+                  </tbody>
+                </table>
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>
+                  <a href="mod_ca.html#ca_makeserial">Make Serial Hook</a>
+                </h3>
+              </header>
+              <div class="content">
+                <p>When this hook is triggered, this module returns either a random
+                  serial number, or the serial number present in the subject of the
+                  certificate sign request.</p>
+                <p>The <a href="#CASimpleSerialRandom">CASimpleSerialRandom</a>
+                  directive causes the <a href="mod_ca.html#ca_makeserial">Make Serial Hook</a>
+                  in <a href="mod_ca_simple.html">mod_ca_simple</a> to return a random serial
+                  number generated by the OpenSSL <code>BN_rand</code> function.</p>
+                <p>The <a href="#CASimpleSerialSubject">CASimpleSerialSubject</a>
+                  directive causes the <a href="mod_ca.html#ca_makeserial">Make Serial Hook</a>
+                  in <a href="mod_ca_simple.html">mod_ca_simple</a> to return the serial
+                  number encoded in the subject of a certificate sign request, thus
+                  generating a certificate that cannot be reissued.</p>
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>
+                        <a href="mod_ca_engine.html#ca_makeserial">mod_ca_engine</a>
+                      </td>
+                      <td>This hook signs a given certificate sign request using an
+                        OpenSSL provided crypto engine such as a smartcard, using the
+                        serial number returned by this module.</td>
+                    </tr>
+                    <tr>
+                      <td>
+                        <a href="mod_ca_simple.html#ca_makeserial">mod_ca_simple</a>
+                      </td>
+                      <td>This hook signs a given certificate sign request, using the
+                        serial number returned by this module.</td>
+                    </tr>
+                    <tr>
+                      <td>
+                        <a href="mod_timestamp.html">mod_timestamp</a>
+                      </td>
+                      <td>Parse and return responses to RFC3161 Time Stamp Protocol requests.</td>
+                    </tr>
+                  </tbody>
+                </table>
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>
+                  <a href="mod_ca.html#ca_gettime">Get Time Hook</a>
+                </h3>
+              </header>
+              <div class="content">
+                <p>When this hook is triggered, this module returns the time used to sign
+                  certificate sign requests, derived from the system time.</p>
+                <p>The <a href="#CASimpleTime">CASimpleTime</a>
+                  directive enables the <a href="mod_ca.html#ca_gettime">Get Time Hook</a>
+                  in <a href="mod_ca_simple.html">mod_ca_simple</a>.</p>
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>
+                        <a href="mod_ca_simple.html#ca_gettime">mod_ca_simple</a>
+                      </td>
+                      <td>This hook returns the time to be used to sign a certificate sign
+                        request, derived from the system time.</td>
+                    </tr>
+                    <tr>
+                      <td>
+                        <a href="mod_timestamp.html">mod_timestamp</a>
+                      </td>
+                      <td>Parse and return responses to RFC3161 Time Stamp Protocol requests.</td>
+                    </tr>
+                  </tbody>
+                </table>
+              </div>
+            </section>
+
+          </div>
+
+          <div>
+            <img src="../images/mod_ca_simple-2.png" style="width: 100%;" />
+          </div>
+
+          <div class="index align-left">
+
+            <section>
+              <header>
+                <h3>
+                  <a href="mod_ca.html#ca_getca">Get Certificate Authority Hook</a>
+                </h3>
+              </header>
+              <div class="content">
+                <p>When this hook is triggered, this module returns the root CA certificate
+                  used to sign certificate sign requests.</p>
+                <p>The <a href="#CASimpleCertificate">CASimpleCertificate</a>
+                  directive enables the <a href="mod_ca.html#ca_getca">Get Certificate Authority Hook</a>
+                  in <a href="mod_ca_simple.html">mod_ca_simple</a>.</p>
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>
+                        <a href="mod_ocsp.html">mod_ocsp</a>
+                      </td>
+                      <td>Respond with the revocation status of a certificate.</td>
+                    </tr>
+                    <tr>
+                      <td>
+                        <a href="mod_scep.html">mod_scep</a>
+                      </td>
+                      <td>Generate and issue certificates using the SCEP protocol.</td>
+                    </tr>
+                  </tbody>
+                </table>
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>
+                  <a href="mod_ca.html#ca_getnextca">Get Next Certificate Authority Hook</a>
+                </h3>
+              </header>
+              <div class="content">
+                <p>When this hook is triggered, this module returns the next root CA certificate
+                  that will in future be used to sign certificate sign requests.</p>
+                <p>The <a href="#CASimpleNextCertificate">CASimpleNextCertificate</a>
+                  directive enables the <a href="mod_ca.html#ca_getnextca">Get Next Certificate Authority Hook</a>
+                  in <a href="mod_ca_simple.html">mod_ca_simple</a>.</p>
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>
+                        <a href="mod_scep.html">mod_scep</a>
+                      </td>
+                      <td>Generate and issue certificates using the SCEP protocol.</td>
+                    </tr>
+                  </tbody>
+                </table>
+              </div>
+            </section>
+
+          </div>
+
+          <div>
+            <img src="../images/mod_ca_simple-3.png" style="width: 100%;" />
+          </div>
+
+          <div class="index align-left">
+
+            <section>
+              <header>
+                <h3>
+                  <a href="mod_ca.html#ca_makekey">Make Key Hook</a>
+                </h3>
+              </header>
+              <div class="content">
+                <p>When this hook is triggered, this module generates and returns a
+                  key pair to be used to sign the certificate sign request.</p>
+                <p>Either the <a href="#CASimpleAlgorithm">CASimpleAlgorithm</a>
+                  directive or the <a href="#CASimpleParamFile">CASimpleParamFile</a>
+                  directive enables the <a href="mod_ca.html#ca_makekey">Make Key Hook</a>
+                  in <a href="mod_ca_simple.html">mod_ca_simple</a>.</p>
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>
+                        <a href="mod_pkcs12.html">mod_pkcs12</a>
+                      </td>
+                      <td>Generate public/private key pairs and and issue certificates in response
+                        to a application/x-www-form-urlencoded form request.</td>
+                    </tr>
+                  </tbody>
+                </table>
+              </div>
+            </section>
+
+          </div>
+        </div>
+      </section>
+
+
+      <section class="wrapper style1 align-center"
+        id="directive-reference">
+        <div class="inner">
+          <h2>Examples</h2>
+          <div class="index align-left">
+
+            <section>
+              <header>
+                <h3>Basic Example</h3>
+              </header>
+              <div class="content">
+                <p>The simplest case: issue a certificate to anybody who wants one.</p>
+<pre><code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+  # sign with this certificate...
+  CASimpleCertificate /etc/pki/tls/ca-cert.pem
+  # ...and private key
+  CASimpleKey /etc/pki/tls/ca-key.pem
+  # use system clock as the time source
+  CASimpleTime on
+  # assign a random serial number
+  CASimpleSerialRandom on
+  # add extensions for a typical CA
+  CASimpleExtension basicConstraints CA:FALSE
+  CASimpleExtension keyUsage critical,nonRepudiation,digitalSignature,keyEncipherment
+  CASimpleExtension extendedKeyUsage OID:1.3.6.1.5.5.7.3.2
+  CASimpleExtension subjectKeyIdentifier hash
+  CASimpleExtension authorityKeyIdentifier keyid,issuer
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_csr.c>
+  <Location /csr>
+    SetHandler csr
+    # use subject from the certificate sign request unmodified
+    CsrSubjectRequest *
+  </Location>
+</IfModule>
+]]></code></pre>
+              </div>
+            </section>
+
+          </div>
+        </div>
+      </section>
+
+
+      <section class="wrapper style1 align-center"
+        id="directive-reference">
+        <div class="inner">
+          <h2>Directive Reference</h2>
+          <div class="index align-left">
+
+            <section>
+              <header>
+                <h3>CASimpleCertificate Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>Filename of certificate chain: signing certificate first, CA certificate last.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CASimpleCertificate file</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>none</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_simple</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>Set to the filename of the signing certificate, including the
+                  certificate chain: signing certificate first, CA certificate last.
+                </p>
+
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CASimpleKey Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>Filename of the signing key.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CASimpleKey file</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>none</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_simple</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>Set to the filename of the signing key.
+                </p>
+
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CASimpleNextCertificate Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>Filename of the next CA certificate to follow this one, if any.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CASimpleNextCertificate file</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>none</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_simple</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>Set to the filename of the next CA certificate to follow this
+                  one, if any.
+                </p>
+
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CASimpleDays Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>Set to the number of days the certificate must be signed for.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CASimpleDays days</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>CASimpleDays 365</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_simple</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>Set to the number of days the certificate must be signed for.</p>
+
+                <p>Defaults to 365 days.</p>
+
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CASimpleSerialRandom Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>When enabled, a random serial number will be allocated.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CASimpleSerialRandom flag</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>CASimpleSerialRandom off</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_simple</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>When enabled, a random serial number will be allocated by the
+                  <a href="mod_ca.html#ca_makeserial">Make Serial Hook</a>.
+                </p>
+                
+                <p>The random number is allocated via the OpenSSL <code>BN_rand()</code>
+                  function.
+                </p>
+
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CASimpleSerialSubject Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>When enabled, the serial number will be allocated from the certificate sign request subject, if present.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CASimpleSerialSubject flag</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>CASimpleSerialSubject off</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_simple</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>When enabled, during the
+                  <a href="mod_ca.html#ca_makeserial">Make Serial Hook</a>, the serial
+                  number will be allocated from the <code>serialNumber</code> field of
+                  the certificate sign request subject, if present.
+                </p>
+
+                <p>It is expected that the issuing of the certificate is verified with
+                  the <a href="mod_ca.html#ca_reqauthz">Request Authorization Hook</a>
+                  to ensure the serial number cannot be duplicated.
+                </p>
+
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CASimpleTime Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>When enabled, the time will be obtained from the system time.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CASimpleTime flag</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>CASimpleTime off</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_simple</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>When enabled, during the
+                  <a href="mod_ca.html#ca_gettime">Get Time Hook</a>, the time will be
+                  obtained from the system time.
+                </p>
+
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CASimpleExtension Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>Certificate extension to add to the certificate when signed.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CASimpleExtension string</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>none</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_simple</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>Certificate extension to add to the certificate when signed.
+                </p>
+                
+                <p>Examples of certificate extensions include:
+                </p>
+                
+<pre><code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+  CASimpleExtension basicConstraints CA:FALSE
+  CASimpleExtension keyUsage critical,nonRepudiation,digitalSignature,keyEncipherment
+  CASimpleExtension extendedKeyUsage OID:1.3.6.1.5.5.7.3.2
+  CASimpleExtension subjectKeyIdentifier hash
+  CASimpleExtension authorityKeyIdentifier keyid,issuer
+</IfModule>
+]]></code></pre>
+
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CASimpleAlgorithm Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>When enabled, private keys will be generated with this algorithm.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CASimpleAlgorithm string [ key=value ... ]</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>none</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_simple</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>When enabled, during the
+                  <a href="mod_ca.html#ca_makekey">Make Key Hook</a>, private keys will
+                  be generated with this algorithm.
+                </p>
+
+                <p>Examples of a certificate algorithm include:
+                </p>
+                
+<pre><code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+  CASimpleAlgorithm RSA rsa_keygen_bits=4096
+</IfModule>
+]]></code></pre>
+
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CASimpleParamFile Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>When enabled, private keys will be generated with this parameter file.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CASimpleParamFile file</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>none</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_simple</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>When enabled, during the
+                  <a href="mod_ca.html#ca_makekey">Make Key Hook</a>, private keys will
+                  be generated with this parameter file.
+                </p>
+
+              </div>
+            </section>
+
+          </div>
+        </div>
+      </section>
+
+    </div>
+  </body>
+</html>
+
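Review bot: The serial-number paragraph in the first section of this part of mod_ca_simple.xhtml5 says only that "it is expected" that the Request Authorization Hook verifies issuance so the serial number cannot be duplicated, yet the value comes from the serialNumber field of the certificate sign request subject, which the requester supplies; the text should say what happens when no Request Authorization Hook performs that check, and advise against enabling the directive without one. In the CASimpleExtension section the Syntax row reads "CASimpleExtension string", while each example line passes a name and a value ("CASimpleExtension basicConstraints CA:FALSE") and the directive appears five times, so the row should show both arguments and the text should say whether the directive may be repeated, as the example implies. The extendedKeyUsage example gives a bare OID without saying which usage it denotes. CASimpleAlgorithm and CASimpleParamFile are described with "When enabled" although they take a string and a file rather than a flag, and neither section says how the two combine or what the Make Key Hook does at the default of "none"; "Examples of a certificate algorithm" should also refer to a key algorithm, since the directive governs private key generation.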


