[rs-commit] r98 - in /rs-manual/trunk/src/site: resources/images/mod_ca_disk-ca_disk_certstore.png resources/images/mod_ca_disk-ca_disk_getcert.png resources/images/mod_ca_disk-ca_disk_sign.png xhtml5/mod/mod_ca_disk.xhtml5
rs-commit at redwax.eu
Sun Oct 20 18:49:08 CEST 2019
Author: minfrin at redwax.eu
Date: Sun Oct 20 18:49:08 2019
New Revision: 98
Log:
Add hook implementation reference for mod_ca_disk.
Added:
rs-manual/trunk/src/site/resources/images/mod_ca_disk-ca_disk_certstore.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca_disk-ca_disk_getcert.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca_disk-ca_disk_sign.png (with props)
Modified:
rs-manual/trunk/src/site/xhtml5/mod/mod_ca_disk.xhtml5
Added: rs-manual/trunk/src/site/resources/images/mod_ca_disk-ca_disk_certstore.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_disk-ca_disk_certstore.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca_disk-ca_disk_getcert.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_disk-ca_disk_getcert.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca_disk-ca_disk_sign.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_disk-ca_disk_sign.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: rs-manual/trunk/src/site/xhtml5/mod/mod_ca_disk.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod/mod_ca_disk.xhtml5 (original)
+++ rs-manual/trunk/src/site/xhtml5/mod/mod_ca_disk.xhtml5 Sun Oct 20 18:49:08 2019
@@ -92,7 +92,7 @@
request to disk ready for later processing. Protocols like SCEP provide
a mechanism to register the request for a certificate, and then return
the results when ready.</p>
- <p>The <a href="#CADiskCertificateSignRequestPath">CADiskCertificateSignRequestPath</a>
+ <p>The <a href="#directive-CADiskCertificateSignRequestPath">CADiskCertificateSignRequestPath</a>
directive enables the <a href="mod_ca.html#ca_sign">Sign Request Hook</a>
in <a href="mod_ca_disk.html">mod_ca_disk</a>.</p>
<table>
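Review bot: The href change to "#directive-CADiskCertificateSignRequestPath" here, like the same rename in the next three hunks, only works if the matching entry in the Directive Reference carries id="directive-CADiskCertificateSignRequestPath", and no such id is visible in this diff. Please confirm the target ids exist, or include them in this revision, and mention the anchor rename in the log message, which currently describes only the hook reference addition.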
@@ -137,8 +137,8 @@
<div class="content">
<p>When this hook is triggered, this module saves the newly generated
certificate to a directory.</p>
- <p>Either the <a href="#CADiskCertificateBySerialPath">CADiskCertificateBySerialPath</a>
- directive or the <a href="#CADiskCertificateByTransactionPath">CADiskCertificateByTransactionPath</a>
+ <p>Either the <a href="#directive-CADiskCertificateBySerialPath">CADiskCertificateBySerialPath</a>
+ directive or the <a href="#directive-CADiskCertificateByTransactionPath">CADiskCertificateByTransactionPath</a>
directive enables the <a href="mod_ca.html#ca_certstore">Certificate Storage Hook</a>
in <a href="mod_ca_disk.html">mod_ca_disk</a>.</p>
<table>
@@ -194,8 +194,8 @@
<p>This hook will trigger the
<a href="mod_ca.html#ca_getchain">Get Certificate Chain Hook</a> to add
a certificate chain to the given certificate.</p>
- <p>Either the <a href="#CADiskCertificateBySerialPath">CADiskCertificateBySerialPath</a>
- directive or the <a href="#CADiskCertificateByTransactionPath">CADiskCertificateByTransactionPath</a>
+ <p>Either the <a href="#directive-CADiskCertificateBySerialPath">CADiskCertificateBySerialPath</a>
+ directive or the <a href="#directive-CADiskCertificateByTransactionPath">CADiskCertificateByTransactionPath</a>
directive enables the <a href="mod_ca.html#ca_getcert">Get Certificate Hook</a>
in <a href="mod_ca_disk.html">mod_ca_disk</a>.</p>
<table>
@@ -230,7 +230,7 @@
number after the one stored in the current serial file. The serial
number can optionally be stored in an OpenSSL compatible database
index file.</p>
- <p>The <a href="#CADiskSerialFile">CADiskSerialFile</a>
+ <p>The <a href="#directive-CADiskSerialFile">CADiskSerialFile</a>
directive enables the <a href="mod_ca.html#ca_makeserial">Make Serial Hook</a>
in <a href="mod_ca_disk.html">mod_ca_disk</a>.</p>
<table>
@@ -334,6 +334,147 @@
<section class="wrapper style1 align-center"
+ id="hook-reference">
+ <div class="inner">
+ <h2>Hook Implementation Reference</h2>
+ <p>
+ The following backend hook implementations are provided by this module.
+ </p>
+ <div class="index align-left">
+
+ <section id="hook-ca_disk_sign">
+ <header>
+ <h3><a href="mod_ca.html#ca_sign">Sign Request Save To Disk</a></h3>
+ </header>
+ <div class="content">
+ <p>
+ <img class="image right" src="../images/mod_ca_disk-ca_disk_sign.png" />
+ This hook implementation saves the certificate revocation list to a directory
+ on disk for later processing.</p>
+
+ <p>The <a href="#directive-CADiskCertificateSignRequestPath">CADiskCertificateSignRequestPath</a>
+ directive enables this hook implementation.</p>
+
+ <p>Each certificate sign request is written to a file named after the transaction ID,
+ with the extension <code>csr</code>.</p>
+
+ </div>
+ </section>
+
+ <section id="hook-ca_disk_certstore">
+ <header>
+ <h3><a href="mod_ca.html#ca_certstore">Certificate Storage Save To Disk</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca_disk-ca_disk_certstore.png" />
+ When this hook implementation is triggered, this module saves the newly generated
+ certificate to a directory.
+ </p>
+
+ <p>
+ If the
+ <a href="#directive-CADiskCertificateBySerialPath">CADiskCertificateBySerialPath</a>
+ directive is used, the certificate is stored in the given directory with
+ the name corresponding to the certificate serial number, and the default
+ extension <code>pem</code>. This matches the behaviour of the
+ <code>new_certs_dir</code> option in an OpenSSL <code>openssl.cnf</code> file.
+ </p>
+
+ <p>
+ Alternatively, if the
+ <a href="#directive-CADiskCertificateByTransactionPath">CADiskCertificateByTransactionPath</a>
+ directive is used, the certificate is stored in the given directory with
+ the name corresponding to the transaction ID and the default extension
+ <code>cert</code>.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="hook-ca_disk_getcert">
+ <header>
+ <h3><a href="mod_ca.html#ca_getcert">Get Certificate From Disk</a></h3>
+ </header>
+ <div class="content">
+ <p>
+ <img class="image right" src="../images/mod_ca_disk-ca_disk_getcert.png" />
+ This hook implementation returns the certificate from a directory
+ on disk written during earlier processing.</p>
+
+ <p>
+ If the
+ <a href="#directive-CADiskCertificateBySerialPath">CADiskCertificateBySerialPath</a>
+ directive is enabled, and the serial number of the certificate has been
+ kept aside during earlier processing, the certificate will be read from
+ a file matching the serial number expressed as a hex value, and the default
+ extension <code>pem</code>.
+ </p>
+
+ <p>
+ Alternatively, if the
+ <a href="#directive-CADiskCertificateByTransactionPath">CADiskCertificateByTransactionPath</a>
+ directive is used, the certificate is read from the given directory with
+ the name corresponding to the transaction ID and the default extension
+ <code>cert</code>.
+ </p>
+
+ <p>
+ This hook will trigger the
+ <a href="mod_ca.html#ca_getchain">Get Certificate Chain Hook</a> to add
+ the certificate chain to the certificate.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="hook-ca_disk_makeserialnext">
+ <header>
+ <h3><a href="mod_ca.html#ca_makeserial">Make Next Serial From Disk</a></h3>
+ </header>
+ <div class="content">
+ <p>
+ <img class="image right" src="../images/mod_ca_disk-ca_disk_makeserialnext.png" />
+ Returns the next serial number from the contents of a file on disk.
+ </p>
+
+ <p>
+ If the <a href="#directive-CADiskSerialFile">CADiskSerialFile</a> directive is enabled,
+ the number in the file is read in, incremented, saved and returned as the
+ serial number for this certificate.
+ </p>
+
+ <p>The serial number file corresponds to and is designed to work with the
+ <code>serial</code> parameter in the <code>openssl.cnf</code> file in
+ OpenSSL.
+ </p>
+
+ <p>
+ If the <a href="#directive-CADiskIndexFile">CADiskIndexFile</a> directive is enabled,
+ the resulting serial number and subject is written to the given index file.
+ The database index file corresponds to and is designed to work with the
+ <code>database</code> parameter in the <code>openssl.cnf</code> file in
+ OpenSSL.
+ </p>
+
+ <p>
+ If the <a href="#directive-CADiskIndexUnique">CADiskIndexUnique</a> directive is
+ enabled, the request will fail if the combination of serial number and
+ subject has been seen before. This option corresponds to the
+ <code>unique_subject</code> option in the OpenSSL <code>openssl.cnf</code>
+ file.
+ </p>
+
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
id="directive-reference">
<div class="inner">
<h2>Directive Reference</h2>
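Review bot: In the new hook-ca_disk_sign section the opening paragraph says the implementation "saves the certificate revocation list to a directory", but the heading is "Sign Request Save To Disk" and the paragraph below it describes writing each certificate sign request to a file with the extension csr; this reads as a copy-paste slip and should say "certificate sign request". Separately, the hook-ca_disk_makeserialnext section references ../images/mod_ca_disk-ca_disk_makeserialnext.png, while this revision adds only the ca_disk_sign, ca_disk_certstore and ca_disk_getcert images, so that img will not resolve unless the file is committed as well. The certstore text names the file after "the certificate serial number" while the getcert text says "the serial number expressed as a hex value"; stating the hex encoding in both places would keep the two descriptions consistent. The four img elements also lack an alt attribute.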