[rs-commit] r102 - in /rs-manual/trunk/src/site: resources/images/ xhtml5/mod/
rs-commit at redwax.eu
rs-commit at redwax.eu
Sun Oct 20 23:15:55 CEST 2019
Author: minfrin at redwax.eu
Date: Sun Oct 20 23:15:54 2019
New Revision: 102
Log:
Add the hook reference for mod_ca_simple.
Added:
rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_getca.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_getchain.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_getnextca.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_gettime.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_makekey.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_makeserial_random.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_makeserial_subject.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_sign.png (with props)
Modified:
rs-manual/trunk/src/site/xhtml5/mod/mod_ca_simple.xhtml5
Added: rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_getca.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_getca.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_getchain.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_getchain.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_getnextca.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_getnextca.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_gettime.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_gettime.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_makekey.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_makekey.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_makeserial_random.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_makeserial_random.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_makeserial_subject.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_makeserial_subject.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_sign.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_simple-ca_simple_sign.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: rs-manual/trunk/src/site/xhtml5/mod/mod_ca_simple.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod/mod_ca_simple.xhtml5 (original)
+++ rs-manual/trunk/src/site/xhtml5/mod/mod_ca_simple.xhtml5 Sun Oct 20 23:15:54 2019
@@ -403,6 +403,214 @@
<section class="wrapper style1 align-center"
+ id="hook-reference">
+ <div class="inner">
+ <h2>Hook Implementation Reference</h2>
+ <p>
+ The following backend hook implementations are provided by this module.
+ </p>
+ <div class="index align-left">
+
+ <section id="hook-ca_simple_sign">
+ <header>
+ <h3><a href="mod_ca.html#ca_sign">Simple Sign Request</a></h3>
+ </header>
+ <div class="content">
+ <p>
+ <img class="image right" src="../images/mod_ca_simple-ca_simple_sign.png" />
+ Signs the certificate sign request using a key stored on disk.
+ </p>
+
+ <p>
+ Both the <a href="#directive-CASimpleCertificate">CASimpleCertificate</a>
+ directive and the <a href="#directive-CASimpleKey">CASimpleKey</a>
+ directive are needed to enable the hook implementation. In addition, both
+ the <a href="mod_ca.html#ca_makeserial">Make Serial Hook</a> and the
+ <a href="mod_ca.html#ca_gettime">Get Time Hook</a> are called to fill
+ in the serial number and signing time for the certificate.
+ </p>
+
+ <p>
+ Each certificate is signed by default for 365 days. This can be controlled by the
+ <a href="#directive-CASimpleDays">CASimpleDays</a> directive. The
+ <a href="#directive-CASimpleExtension">CASimpleExtension</a> directive
+ allows certificate extensions to be added to the certificate.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="hook-ca_simple_getca">
+ <header>
+ <h3><a href="mod_ca.html#ca_getca">Simple Get Certificate Authority</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca_simple-ca_simple_getca.png" />
+ Returns the certificate authority certificate used to sign the request.
+ </p>
+
+ <p>
+ The certificate authority certificate is parsed from
+ the <a href="#directive-CASimpleCertificate">CASimpleCertificate</a>
+ directive and returned when requested. This is the last certificate
+ specified in the file.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="hook-ca_simple_getnextca">
+ <header>
+ <h3><a href="mod_ca.html#ca_getnextca">Simple Get Next Certificate Authority</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca_simple-ca_simple_getnextca.png" />
+ Returns the next certificate authority certificate that will be used to sign
+ future requests.
+ </p>
+
+ <p>
+ The next certificate authority certificate is parsed from
+ the <a href="#directive-CASimpleNextCertificate">CASimpleNextCertificate</a>
+ directive and returned when requested.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="hook-ca_simple_getchain">
+ <header>
+ <h3><a href="mod_ca.html#ca_getchain">Simple Get Chain</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca_simple-ca_simple_getchain.png" />
+ Returns the chain of certificates used to sign the request.
+ </p>
+
+ <p>
+ The certificate chain is parsed from
+ the <a href="#directive-CASimpleCertificate">CASimpleCertificate</a>
+ directive and returned when requested. These are all certificates apart from
+ the last certificate specified in the file.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="hook-ca_simple_makeserial_subject">
+ <header>
+ <h3><a href="mod_ca.html#ca_makeserial">Simple Make Serial From Subject</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca_simple-ca_simple_makeserial_subject.png" />
+ Returns the serial number from that embedded within the subject of the
+ certificate sign request.
+ </p>
+
+ <p>
+ This hook implementation is enabled with the
+ <a href="#directive-CASimpleSerialSubject">CASimpleSerialSubject</a>
+ directive. When enabled, the serial number of the certificate is
+ extracted from the serial number embedded in the subject of the certificate
+ sign request.
+ </p>
+
+ <p>
+ This hook implementation is used to generate certificates that cannot
+ be reissued.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="hook-ca_simple_makeserial_random">
+ <header>
+ <h3><a href="mod_ca.html#ca_makeserial">Simple Make Random Serial</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca_simple-ca_simple_makeserial_random.png" />
+ Returns a random serial number.
+ </p>
+
+ <p>
+ This hook implementation is enabled with the
+ <a href="#directive-CASimpleSerialRandom">CASimpleSerialRandom</a>
+ directive. When enabled, the serial number of the certificate is
+ chosen at random.
+ </p>
+
+ <p>The random number is allocated via the OpenSSL <code>BN_rand()</code>
+ function.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="hook-ca_simple_makekey">
+ <header>
+ <h3><a href="mod_ca.html#ca_makeserial">Simple Make Key</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca_simple-ca_simple_makekey.png" />
+ Returns a generated public/private key pair.
+ </p>
+
+ <p>
+ This hook implementation is enabled with either the
+ <a href="#directive-CASimpleAlgorithm">CASimpleAlgorithm</a> or
+ <a href="#directive-CASimpleParamFile">CASimpleParamFile</a>
+ directives. When enabled, a generated public/private key pair matching
+ either the algorithm or the parameter file is returned when requested.
+ </p>
+
+ <p>
+ The algorithm matches that accepted by the <code>-algorithm</code> option
+ of the <code>genpkey</code> command within OpenSSL. The parameter file is
+ that generated by the <code>-genparam</code> option of the
+ <code>genpkey</code> command within OpenSSL.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="hook-ca_simple_gettime">
+ <header>
+ <h3><a href="mod_ca.html#ca_makeserial">Simple Get Time</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca_simple-ca_simple_gettime.png" />
+ Returns the system time of the machine.
+ </p>
+
+ <p>
+ This hook implementation is enabled with the
+ <a href="#directive-CASimpleTime">CASimpleTime</a> directive. When enabled,
+ the system time of the current machine is returned when requested.
+ </p>
+
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
id="directive-reference">
<div class="inner">
<h2>Directive Reference</h2>
@@ -907,6 +1115,11 @@
be generated with this algorithm.
</p>
+ <p>
+ The algorithm matches that accepted by the <code>-algorithm</code> option
+ of the <code>genpkey</code> command within OpenSSL.
+ </p>
+
<p>Examples of a certificate algorithm include:
</p>
@@ -971,6 +1184,11 @@
be generated with this parameter file.
</p>
+ <p>
+ The parameter file is that generated by the <code>-genparam</code>
+ option of the <code>genpkey</code> command within OpenSSL.
+ </p>
+
</div>
</section>
More information about the rs-commit
mailing list