[rs-commit] r107 - /rs-manual/trunk/src/site/xhtml5/mod/mod_ca_engine.xhtml5
rs-commit at redwax.eu
rs-commit at redwax.eu
Tue Oct 22 01:24:01 CEST 2019
Author: minfrin at redwax.eu
Date: Tue Oct 22 01:23:59 2019
New Revision: 107
Log:
Link the module integration and hook implementation docs.
Modified:
rs-manual/trunk/src/site/xhtml5/mod/mod_ca_engine.xhtml5
Modified: rs-manual/trunk/src/site/xhtml5/mod/mod_ca_engine.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod/mod_ca_engine.xhtml5 (original)
+++ rs-manual/trunk/src/site/xhtml5/mod/mod_ca_engine.xhtml5 Tue Oct 22 01:23:59 2019
@@ -86,10 +86,23 @@
<p>When this hook is triggered, this module signs the certificate sign
request using a certificate on the local disk, and a key on an HSM or
smartcard using the OpenSSL ENGINE mechanism.</p>
- <p>Both the <a href="#CAEngineCertificate">CAEngineCertificate</a>
- directive and the <a href="#CAEngineKey">CAEngineKey</a>
- directive enables the <a href="mod_ca.html#ca_sign">Sign Request Hook</a>
- in <a href="mod_ca_engine.html">mod_ca_engine</a>.</p>
+ <p>
+ This module provides the following implementations of this hook.
+ </p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_engine.html#hook-ca_engine_sign">Engine Sign Request</a>
+ </td>
+ <td>Signs the certificate sign request using a key stored on an HSM
+ or smartcard.</td>
+ </tr>
+ </tbody>
+ </table>
+ <p>This hook is called by the following
+ <a href="mod_ca.html#frontend">frontend modules</a>.
+ </p>
<table>
<tbody>
<tr>
@@ -132,9 +145,9 @@
<div class="content">
<p>When this hook is triggered, this module returns the intermediate certificate
chain used to sign certificate sign requests, if any and present.</p>
- <p>The <a href="#CAEngineCertificate">CAEngineCertificate</a>
- directive enables the <a href="mod_ca.html#ca_getchain">Get Chain Hook</a>
- in <a href="mod_ca_engine.html">mod_ca_engine</a>.</p>
+ <p>
+ This module provides the following implementations of this hook.
+ </p>
<table>
<tbody>
<tr>
@@ -143,6 +156,28 @@
</td>
<td>This hook returns the certificate chain of a certificate provided by
an OpenSSL provided crypto engine such as a smartcard.</td>
+ </tr>
+ </tbody>
+ </table>
+ <p>This hook is called by the following
+ <a href="mod_ca.html#backend">backend modules</a>.
+ </p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_engine.html#hook-ca_engine_sign">mod_ca_engine</a>
+ </td>
+ <td>This hook signs a given certificate sign request using an
+ OpenSSL provided crypto engine such as a smartcard, using the
+ serial number returned by this module.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#hook-ca_simple_sign">mod_ca_simple</a>
+ </td>
+ <td>This hook signs a given certificate sign request, using the
+ serial number returned by this module.</td>
</tr>
</tbody>
</table>
@@ -158,16 +193,60 @@
<div class="content">
<p>When this hook is triggered, the
<a href="mod_ca.html#ca_sign">Sign Request Hook</a> asks for a serial
- number to use when signing the certificate.</p>
- <table>
- <tbody>
- <tr>
- <td>
- <a href="mod_ca_simple.html#ca_makeserial">mod_ca_simple</a>
- </td>
- <td>This hook returns a random serial number, or a serial
- number extracted from the certificate subject.
- </td>
+ number to use when signing the certificate.
+ </p>
+ <p>
+ Implementations of this hook are provided by other modules.
+ </p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_disk.html#hook-ca_disk_makeserialnext">Make Next Serial From Disk</a>
+ </td>
+ <td>Returns the next serial number from the contents of a file on disk.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#hook-ca_simple_makeserial_subject">Simple Make Serial From Subject</a>
+ </td>
+ <td>Returns the serial number from that embedded within the subject of the
+ certificate sign request.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#hook-ca_simple_makeserial_random">Simple Make Random Serial</a>
+ </td>
+ <td>Returns a random serial number.</td>
+ </tr>
+ </tbody>
+ </table>
+ <p>This hook is called by the following
+ <a href="mod_ca.html#frontend">frontend modules</a> and
+ <a href="mod_ca.html#backend">backend modules</a>.
+ </p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_engine.html#hook-ca_engine_sign">mod_ca_engine</a>
+ </td>
+ <td>This hook signs a given certificate sign request using an
+ OpenSSL provided crypto engine such as a smartcard, using the
+ serial number returned by this module.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#hook-ca_simple_sign">mod_ca_simple</a>
+ </td>
+ <td>This hook signs a given certificate sign request, using the
+ serial number returned by this module.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_timestamp.html">mod_timestamp</a>
+ </td>
+ <td>Parse and return responses to RFC3161 Time Stamp Protocol requests.</td>
</tr>
</tbody>
</table>
@@ -184,14 +263,46 @@
<p>When this hook is triggered, the
<a href="mod_ca.html#ca_sign">Sign Request Hook</a> asks for the time
to use when signing the certificate.</p>
- <table>
- <tbody>
- <tr>
- <td>
- <a href="mod_ca_simple.html#ca_gettime">mod_ca_simple</a>
+ <p>
+ Implementations of this hook are provided by other modules.
+ </p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#hook-ca_gettime">mod_ca_simple</a>
</td>
<td>This hook returns the time to be used to sign a certificate sign
request, derived from the system time.</td>
+ </tr>
+ </tbody>
+ </table>
+ <p>This hook is called by the following
+ <a href="mod_ca.html#frontend">frontend modules</a> and
+ <a href="mod_ca.html#backend">backend modules</a>.
+ </p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_engine.html#hook-ca_engine_sign">mod_ca_engine</a>
+ </td>
+ <td>This hook signs a given certificate sign request using an
+ OpenSSL provided crypto engine such as a smartcard, using the
+ serial number returned by this module.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#hook-ca_simple_sign">mod_ca_simple</a>
+ </td>
+ <td>This hook signs a given certificate sign request, using the
+ serial number returned by this module.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_timestamp.html">mod_timestamp</a>
+ </td>
+ <td>Parse and return responses to RFC3161 Time Stamp Protocol requests.</td>
</tr>
</tbody>
</table>
@@ -215,9 +326,22 @@
<div class="content">
<p>When this hook is triggered, this module returns the root CA certificate
used to sign certificate sign requests.</p>
- <p>The <a href="#CAEngineCertificate">CAEngineCertificate</a>
- directive enables the <a href="mod_ca.html#ca_getca">Get Certificate Authority Hook</a>
- in <a href="mod_ca_engine.html">mod_ca_engine</a>.</p>
+ <p>
+ This module provides the following implementations of this hook.
+ </p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca.html#ca_getca">Engine Get Certificate Authority</a>
+ </td>
+ <td>Returns the certificate authority certificate used to sign the request.</td>
+ </tr>
+ </tbody>
+ </table>
+ <p>This hook is called by the following
+ <a href="mod_ca.html#frontend">frontend modules</a>.
+ </p>
<table>
<tbody>
<tr>
@@ -246,9 +370,23 @@
<div class="content">
<p>When this hook is triggered, this module returns the next root CA certificate
that will in future be used to sign certificate sign requests.</p>
- <p>The <a href="#CAEngineNextCertificate">CAEngineNextCertificate</a>
- directive enables the <a href="mod_ca.html#ca_getnextca">Get Next Certificate Authority Hook</a>
- in <a href="mod_ca_engine.html">mod_ca_engine</a>.</p>
+ <p>
+ This module provides the following implementations of this hook.
+ </p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca.html#ca_getnextca">Engine Get Next Certificate Authority</a>
+ </td>
+ <td>Returns the next certificate authority certificate that will be used to sign
+ future requests.</td>
+ </tr>
+ </tbody>
+ </table>
+ <p>This hook is called by the following
+ <a href="mod_ca.html#frontend">frontend modules</a>.
+ </p>
<table>
<tbody>
<tr>
More information about the rs-commit
mailing list