[rs-commit] r90 - in /rs-manual/trunk/src: main/modules.xml site/resources/images/mod_ca_simple-1.png site/resources/images/mod_ca_simple-2.png site/resources/images/mod_ca_simple-3.png site/xhtml5/mod/mod_ca_simple.xhtml5
rs-commit at redwax.eu
Wed Oct 16 00:34:38 CEST 2019
Author: minfrin at redwax.eu
Date: Wed Oct 16 00:34:38 2019
New Revision: 90
Log:
Add docs for mod_ca_simple.
Added:
rs-manual/trunk/src/site/resources/images/mod_ca_simple-1.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca_simple-2.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca_simple-3.png (with props)
rs-manual/trunk/src/site/xhtml5/mod/mod_ca_simple.xhtml5
Modified:
rs-manual/trunk/src/main/modules.xml
Modified: rs-manual/trunk/src/main/modules.xml
==============================================================================
--- rs-manual/trunk/src/main/modules.xml (original)
+++ rs-manual/trunk/src/main/modules.xml Wed Oct 16 00:34:38 2019
@@ -9,4 +9,5 @@
<module type="backend">mod_ca</module>
<module type="backend">mod_ca_crl</module>
<module type="backend">mod_ca_disk</module>
+ <module type="backend">mod_ca_simple</module>
</modules>
Added: rs-manual/trunk/src/site/resources/images/mod_ca_simple-1.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_simple-1.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca_simple-2.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_simple-2.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca_simple-3.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_simple-3.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/xhtml5/mod/mod_ca_simple.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod/mod_ca_simple.xhtml5 (added)
+++ rs-manual/trunk/src/site/xhtml5/mod/mod_ca_simple.xhtml5 Wed Oct 16 00:34:38 2019
@@ -0,0 +1,984 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
+ <head>
+ <title>mod_ca_simple Module</title>
+ <meta name="description" content="Sign certificates using certificates and keys on disk, generate random serial numbers, return the system time." />
+ <meta name="mod-ca-type" content="backend" />
+ </head>
+ <body>
+ <div class="index align-left">
+
+ <section class="wrapper style1 align-center"
+ id="introduction">
+ <div class="inner">
+ <h2>Simple Backend Module</h2>
+ <p>Sign certificates using certificates and keys on disk, generate random serial numbers, return the system time.</p>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>What does it do?</h3>
+ </header>
+ <div class="content">
+
+ <p>This module provides a basic set of signing functions that can be
+ used to sign certificate sign requests.
+ </p>
+
+ <p>
+ Based on the configuration of paths and files, this module
+ performs basic signing of an incoming certificate sign request using
+ a certificate and key stored on disk.
+ </p>
+
+ <p>In addition, this module can generate a random serial number and the
+ system time to be used when signing a certificate.
+ </p>
+
+ <p>The serial number can optionally be extracted from the subject of the
+ certificate, when there is a requirement that certificates within a
+ certificate authority are never reissued.
+ </p>
+
+ </div>
+ </section>
+
+
+ </div>
+ </div>
+ </section>
+
+
+
+ <section class="wrapper style1 align-center" id="integration">
+ <div class="inner">
+ <h2>Module Integration</h2>
+ <p>
+ The
+ <code>mod_ca_simple</code>
+ module is a
+ <a href="mod_ca.html#backend">backend module</a>
+ and will not do anything useful until
+ <code>mod_ca_simple</code>
+ has been combined with one or
+ more
+ <a href="mod_ca.html#frontend">frontend modules</a>
+ and optional <a href="mod_ca.html#backend">backend modules</a> listed below. The
+ <code>mod_ca_simple</code>
+ module provides the following hooks, and suitable
+ <a href="mod_ca.html#frontend">frontend modules</a>
+ must be configured to implement each protocol as needed.
+ </p>
+
+ <p>
+ All <a href="mod_ca.html#backend">backend modules</a> run within
+ a standard Apache httpd request, and standard httpd functionality
+ applies in all cases.
+ </p>
+
+ <div>
+ <img src="../images/mod_ca_simple-1.png" style="width: 100%;" />
+ </div>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_sign">Sign Request Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>When this hook is triggered, this module signs the certificate sign
+ request using a certificate and key on the local disk.</p>
+ <p>Both the <a href="#CASimpleCertificate">CASimpleCertificate</a>
+ directive and the <a href="#CASimpleKey">CASimpleKey</a>
+ directive enables the <a href="mod_ca.html#ca_sign">Sign Request Hook</a>
+ in <a href="mod_ca_simple.html">mod_ca_simple</a>.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_csr.html">mod_csr</a>
+ </td>
+ <td>Generate and issue certificates in response to an X509
+ certificate request.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_pkcs12.html">mod_pkcs12</a>
+ </td>
+ <td>Generate public/private key pairs and and issue certificates in response
+ to a application/x-www-form-urlencoded form request.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_scep.html">mod_scep</a>
+ </td>
+ <td>Generate and issue certificates using the SCEP protocol.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_spkac.html">mod_spkac</a>
+ </td>
+ <td>Generate and issue certificates using the SPKAC protocol.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_getchain">Get Chain Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>When this hook is triggered, this module returns the intermediate certificate
+ chain used to sign certificate sign requests, if any and present.</p>
+ <p>The <a href="#CASimpleCertificate">CASimpleCertificate</a>
+ directive enables the <a href="mod_ca.html#ca_getchain">Get Chain Hook</a>
+ in <a href="mod_ca_simple.html">mod_ca_simple</a>.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_disk.html#ca_getchain">mod_ca_disk</a>
+ </td>
+ <td>This hook returns the certificate chain, to be saved to disk
+ by the <a href="mod_ca_disk.html#ca_getchain">mod_ca_disk</a> module.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_engine.html#ca_getchain">mod_ca_engine</a>
+ </td>
+ <td>This hook returns the certificate chain of a certificate provided by
+ an OpenSSL provided crypto engine such as a smartcard.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#ca_sign">mod_ca_simple</a>
+ </td>
+ <td>This hook returns the certificate chain of a certificate provided by
+ a file on disk.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_makeserial">Make Serial Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>When this hook is triggered, this module returns either a random
+ serial number, or the serial number present in the subject of the
+ certificate sign request.</p>
+ <p>The <a href="#CASimpleSerialRandom">CASimpleSerialRandom</a>
+ directive causes the <a href="mod_ca.html#ca_makeserial">Make Serial Hook</a>
+ in <a href="mod_ca_simple.html">mod_ca_simple</a> to return a random serial
+ number generated by the OpenSSL <code>BN_rand</code> function.</p>
+ <p>The <a href="#CASimpleSerialSubject">CASimpleSerialSubject</a>
+ directive causes the <a href="mod_ca.html#ca_makeserial">Make Serial Hook</a>
+ in <a href="mod_ca_simple.html">mod_ca_simple</a> to return the serial
+ number encoded in the subject of a certificate sign request, thus
+ generating a certificate that cannot be reissued.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_engine.html#ca_makeserial">mod_ca_engine</a>
+ </td>
+ <td>This hook signs a given certificate sign request using an
+ OpenSSL provided crypto engine such as a smartcard, using the
+ serial number returned by this module.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#ca_makeserial">mod_ca_simple</a>
+ </td>
+ <td>This hook signs a given certificate sign request, using the
+ serial number returned by this module.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_timestamp.html">mod_timestamp</a>
+ </td>
+ <td>Parse and return responses to RFC3161 Time Stamp Protocol requests.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_gettime">Get Time Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>When this hook is triggered, this module returns the time used to sign
+ certificate sign requests, derived from the system time.</p>
+ <p>The <a href="#CASimpleTime">CASimpleTime</a>
+ directive enables the <a href="mod_ca.html#ca_gettime">Get Time Hook</a>
+ in <a href="mod_ca_simple.html">mod_ca_simple</a>.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#ca_gettime">mod_ca_simple</a>
+ </td>
+ <td>This hook returns the time to be used to sign a certificate sign
+ request, derived from the system time.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_timestamp.html">mod_timestamp</a>
+ </td>
+ <td>Parse and return responses to RFC3161 Time Stamp Protocol requests.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ </div>
+
+ <div>
+ <img src="../images/mod_ca_simple-2.png" style="width: 100%;" />
+ </div>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_getca">Get Certificate Authority Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>When this hook is triggered, this module returns the root CA certificate
+ used to sign certificate sign requests.</p>
+ <p>The <a href="#CASimpleCertificate">CASimpleCertificate</a>
+ directive enables the <a href="mod_ca.html#ca_getca">Get Certificate Authority Hook</a>
+ in <a href="mod_ca_simple.html">mod_ca_simple</a>.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ocsp.html">mod_ocsp</a>
+ </td>
+ <td>Respond with the revocation status of a certificate.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_scep.html">mod_scep</a>
+ </td>
+ <td>Generate and issue certificates using the SCEP protocol.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_getnextca">Get Next Certificate Authority Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>When this hook is triggered, this module returns the next root CA certificate
+ that will in future be used to sign certificate sign requests.</p>
+ <p>The <a href="#CASimpleNextCertificate">CASimpleNextCertificate</a>
+ directive enables the <a href="mod_ca.html#ca_getnextca">Get Next Certificate Authority Hook</a>
+ in <a href="mod_ca_simple.html">mod_ca_simple</a>.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_scep.html">mod_scep</a>
+ </td>
+ <td>Generate and issue certificates using the SCEP protocol.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ </div>
+
+ <div>
+ <img src="../images/mod_ca_simple-3.png" style="width: 100%;" />
+ </div>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_makekey">Make Key Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>When this hook is triggered, this module generates and returns a
+ key pair to be used to sign the certificate sign request.</p>
+ <p>Either the <a href="#CASimpleAlgorithm">CASimpleAlgorithm</a>
+ directive or the <a href="#CASimpleParamFile">CASimpleParamFile</a>
+ directive enables the <a href="mod_ca.html#ca_makekey">Make Key Hook</a>
+ in <a href="mod_ca_simple.html">mod_ca_simple</a>.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_pkcs12.html">mod_pkcs12</a>
+ </td>
+ <td>Generate public/private key pairs and and issue certificates in response
+ to a application/x-www-form-urlencoded form request.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Examples</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>Basic Example</h3>
+ </header>
+ <div class="content">
+ <p>The simplest case: issue a certificate to anybody who wants one.</p>
+<pre><code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+ # sign with this certificate...
+ CASimpleCertificate /etc/pki/tls/ca-cert.pem
+ # ...and private key
+ CASimpleKey /etc/pki/tls/ca-key.pem
+ # use system clock as the time source
+ CASimpleTime on
+ # assign a random serial number
+ CASimpleSerialRandom on
+ # add extensions for a typical CA
+ CASimpleExtension basicConstraints CA:FALSE
+ CASimpleExtension keyUsage critical,nonRepudiation,digitalSignature,keyEncipherment
+ CASimpleExtension extendedKeyUsage OID:1.3.6.1.5.5.7.3.2
+ CASimpleExtension subjectKeyIdentifier hash
+ CASimpleExtension authorityKeyIdentifier keyid,issuer
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_csr.c>
+ <Location /csr>
+ SetHandler csr
+ # use subject from the certificate sign request unmodified
+ CsrSubjectRequest *
+ </Location>
+</IfModule>
+]]></code></pre>
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Directive Reference</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>CASimpleCertificate Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Filename of certificate chain: signing certificate first, CA certificate last.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CASimpleCertificate file</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_simple</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the filename of the signing certificate, including the
+ certificate chain: signing certificate first, CA certificate last.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CASimpleKey Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Filename of the signing key.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CASimpleKey file</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_simple</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the filename of the signing key.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CASimpleNextCertificate Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Filename of the next CA certificate to follow this one, if any.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CASimpleNextCertificate file</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_simple</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the filename of the next CA certificate to follow this
+ one, if any.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CASimpleDays Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the number of days the certificate must be signed for.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CASimpleDays days</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>CASimpleDays 365</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_simple</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the number of days the certificate must be signed for.</p>
+
+ <p>Defaults to 365 days.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CASimpleSerialRandom Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>When enabled, a random serial number will be allocated.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CASimpleSerialRandom flag</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>CASimpleSerialRandom off</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_simple</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>When enabled, a random serial number will be allocated by the
+ <a href="mod_ca.html#ca_makeserial">Make Serial Hook</a>.
+ </p>
+
+ <p>The random number is allocated via the OpenSSL <code>BN_rand()</code>
+ function.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CASimpleSerialSubject Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>When enabled, the serial number will be allocated from the certificate sign request subject, if present.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CASimpleSerialSubject flag</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>CASimpleSerialSubject off</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_simple</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>When enabled, during the
+ <a href="mod_ca.html#ca_makeserial">Make Serial Hook</a>, the serial
+ number will be allocated from the <code>serialNumber</code> field of
+ the certificate sign request subject, if present.
+ </p>
+
+ <p>It is expected that the issuing of the certificate is verified with
+ the <a href="mod_ca.html#ca_reqauthz">Request Authorization Hook</a>
+ to ensure the serial number cannot be duplicated.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CASimpleTime Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>When enabled, the time will be obtained from the system time.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CASimpleTime flag</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>CASimpleTime off</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_simple</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>When enabled, during the
+ <a href="mod_ca.html#ca_gettime">Get Time Hook</a>, the time will be
+ obtained from the system time.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CASimpleExtension Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Certificate extension to add to the certificate when signed.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CASimpleExtension string</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_simple</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Certificate extension to add to the certificate when signed.
+ </p>
+
+ <p>Examples of certificate extensions include:
+ </p>
+
+<pre><code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+ CASimpleExtension basicConstraints CA:FALSE
+ CASimpleExtension keyUsage critical,nonRepudiation,digitalSignature,keyEncipherment
+ CASimpleExtension extendedKeyUsage OID:1.3.6.1.5.5.7.3.2
+ CASimpleExtension subjectKeyIdentifier hash
+ CASimpleExtension authorityKeyIdentifier keyid,issuer
+</IfModule>
+]]></code></pre>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CASimpleAlgorithm Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>When enabled, private keys will be generated with this algorithm.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CASimpleAlgorithm string [ key=value ... ]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_simple</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>When enabled, during the
+ <a href="mod_ca.html#ca_makekey">Make Key Hook</a>, private keys will
+ be generated with this algorithm.
+ </p>
+
+ <p>Examples of a certificate algorithm include:
+ </p>
+
+<pre><code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+ CASimpleAlgorithm RSA rsa_keygen_bits=4096
+</IfModule>
+]]></code></pre>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CASimpleParamFile Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>When enabled, private keys will be generated with this parameter file.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CASimpleParamFile file</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_simple</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>When enabled, during the
+ <a href="mod_ca.html#ca_makekey">Make Key Hook</a>, private keys will
+ be generated with this parameter file.
+ </p>
+
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+ </div>
+ </body>
+</html>
+
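Review bot: The Basic Example ("The simplest case: issue a certificate to anybody who wants one") combines an unrestricted "<Location /csr>" and "CsrSubjectRequest *" with "extendedKeyUsage OID:1.3.6.1.5.5.7.3.2" (the client authentication OID), and the page never says this is a test-only setup. Suggest adding a sentence under that example stating that a real deployment needs access control or a Request Authorization Hook in front of signing, and documenting what file permissions the CASimpleKey file requires. In the same block the comment "# add extensions for a typical CA" sits directly above "basicConstraints CA:FALSE", so it should describe extensions for the issued end-entity certificate instead. The Context rows list ".htaccess" for CASimpleKey and CASimpleCertificate; please confirm that setting the signing key path from .htaccess is intended, and say so in the text if it is. Structure: the Examples section reuses id="directive-reference", duplicating the id of the Directive Reference section (id="examples" would fit). The href="#CASimple..." links in the hook sections have no matching id on any directive section or h3 in this file. The CASimpleExtension Syntax row reads "CASimpleExtension string" while every example passes a name and a value. The Make Key Hook text says the generated key pair is "used to sign the certificate sign request", which reads as though it were the CA signing key; clarify whose key this is. Wording: "Both the ... directive and the ... directive enables" should be "enable", and "and and issue" appears in both mod_pkcs12 rows.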