[rs-commit] r68 - in /rs-manual/trunk: ./ src/ src/site/ src/site/apt/ src/site/docbook/ src/site/fml/ src/site/fr/ src/site/fr/apt/ src/site/fr/fml/ src/site/fr/xdoc/ src/site/markdown/ src/site/resources/ src/site/resources/images/ src/site/xdoc/ src/site/xhtml/ src/site/xhtml5/
rs-commit at redwax.eu
Sun Sep 1 12:16:09 CEST 2019
Author: minfrin at redwax.eu
Date: Sun Sep 1 12:16:07 2019
New Revision: 68
Log:
Initial import of the rs-manual documentation.
Added:
rs-manual/trunk/pom.xml
rs-manual/trunk/src/
rs-manual/trunk/src/site/
rs-manual/trunk/src/site/apt/
rs-manual/trunk/src/site/apt/format.apt
rs-manual/trunk/src/site/apt/index.apt
rs-manual/trunk/src/site/docbook/
rs-manual/trunk/src/site/docbook/mod_spkac-test.xml
rs-manual/trunk/src/site/fml/
rs-manual/trunk/src/site/fml/faq.fml
rs-manual/trunk/src/site/fr/
rs-manual/trunk/src/site/fr/apt/
rs-manual/trunk/src/site/fr/apt/format.apt
rs-manual/trunk/src/site/fr/apt/index.apt
rs-manual/trunk/src/site/fr/fml/
rs-manual/trunk/src/site/fr/fml/faq.fml
rs-manual/trunk/src/site/fr/xdoc/
rs-manual/trunk/src/site/fr/xdoc/xdoc.xml
rs-manual/trunk/src/site/markdown/
rs-manual/trunk/src/site/resources/
rs-manual/trunk/src/site/resources/images/
rs-manual/trunk/src/site/resources/images/candles-red.jpg (with props)
rs-manual/trunk/src/site/resources/images/menu-lines.png (with props)
rs-manual/trunk/src/site/resources/images/mod_crl.png (with props)
rs-manual/trunk/src/site/resources/images/mod_csr.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ocsp-1.png (with props)
rs-manual/trunk/src/site/resources/images/mod_pkcs12.png (with props)
rs-manual/trunk/src/site/resources/images/mod_scep-1.png (with props)
rs-manual/trunk/src/site/resources/images/mod_scep-2.png (with props)
rs-manual/trunk/src/site/resources/images/mod_scep-3.png (with props)
rs-manual/trunk/src/site/resources/images/mod_spkac-1.png (with props)
rs-manual/trunk/src/site/site.xml
rs-manual/trunk/src/site/site_fr.xml
rs-manual/trunk/src/site/xdoc/
rs-manual/trunk/src/site/xdoc/xdoc.xml
rs-manual/trunk/src/site/xhtml/
rs-manual/trunk/src/site/xhtml5/
rs-manual/trunk/src/site/xhtml5/mod_ca.xhtml5
rs-manual/trunk/src/site/xhtml5/mod_crl.xhtml5
rs-manual/trunk/src/site/xhtml5/mod_csr.xhtml5
rs-manual/trunk/src/site/xhtml5/mod_ocsp.xhtml5
rs-manual/trunk/src/site/xhtml5/mod_pkcs12.xhtml5
rs-manual/trunk/src/site/xhtml5/mod_scep.xhtml5
rs-manual/trunk/src/site/xhtml5/mod_spkac.xhtml5
rs-manual/trunk/src/site/xhtml5/subjects.xhtml5
Modified:
rs-manual/trunk/ (props changed)
Propchange: rs-manual/trunk/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Sun Sep 1 12:16:07 2019
@@ -0,0 +1 @@
+target
Added: rs-manual/trunk/pom.xml
==============================================================================
--- rs-manual/trunk/pom.xml (added)
+++ rs-manual/trunk/pom.xml Sun Sep 1 12:16:07 2019
@@ -0,0 +1,36 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <groupId>eu.redwax.rs</groupId>
+ <artifactId>rs-manual</artifactId>
+ <version>1.0.0-SNAPSHOT</version>
+
+ <name>Maven</name>
+ <url>http://maven.apache.org/</url>
+ <inceptionYear>2012</inceptionYear>
+
+ <distributionManagement>
+ <site>
+ <id>website</id>
+ <url>scp://webhost.company.com/www/website</url>
+ </site>
+ </distributionManagement>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-site-plugin</artifactId>
+ <version>3.8.2</version>
+ <configuration>
+ <locales>en,fr</locales>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
+
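Review bot: The project metadata in this POM still carries template values rather than values for rs-manual: <name>Maven</name>, <url>http://maven.apache.org/</url> and <inceptionYear>2012</inceptionYear>, while the groupId and artifactId are eu.redwax.rs / rs-manual. More importantly, the <distributionManagement> site URL is scp://webhost.company.com/www/website, so a site deploy run from this POM would attempt to copy the generated site to a host that is not the project's. Please set the name, url and inception year to the project's own values and either point the site <url> at the real publishing target or drop the <distributionManagement> block until one exists.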
Added: rs-manual/trunk/src/site/apt/format.apt
==============================================================================
--- rs-manual/trunk/src/site/apt/format.apt (added)
+++ rs-manual/trunk/src/site/apt/format.apt Sun Sep 1 12:16:07 2019
@@ -0,0 +1,602 @@
+ -----
+ The APT format
+ -----
+ The Maven Team
+ -----
+ -----
+
+The APT format
+~~~~~~~~~~~~~~
+
+ In the following section, boxes containing text in typewriter-like font are
+ examples of APT source.
+
+* Document structure
+~~~~~~~~~~~~~~~~~~~~
+
+ A short APT document is contained in a single text file. A longer document
+ may be contained in a ordered list of text files. For instance, first text
+ file contains section 1, second text file contains section 2, and so on.
+
+ [Note:] Splitting the APT document in several text files on a section
+ boundary is not mandatory. The split may occur anywhere.
+ However doing so is recommended because a text file containing a
+ section is by itself a valid APT document.
+
+ A file contains a sequence of paragraphs and ``displays'' (non paragraphs
+ such as tables) separated by open lines.
+
+ A paragraph is simply a sequence of consecutive text lines.
+
++------------------------------------------------------------------------+
+ First line of first paragraph.
+ Second line of first paragraph.
+ Third line of first paragraph.
+
+ Line 1 of paragraph 2 (separated from first paragraph by an open line).
+ Line 2 of paragraph 2.
++------------------------------------------------------------------------+
+
+ The indentation of the first line of a paragraph is the main method used by
+ an APT processor to recognize the type of the paragraph. For example, a
+ section title must not be indented at all.
+
+ A ``plain'' paragraph must be indented by a certain amount of space. For
+ example, a plain paragraph which is not contained in a list may be indented
+ by two spaces.
+
++-------------------------------------------------+
+My section title (not indented).
+
+ My paragraph first line (indented by 2 spaces).
++-------------------------------------------------+
+
+ Indentation is not rigid. Any amount of space will do. You don't even need
+ to use a consistent indentation all over your document. What really matters
+ for an APT processor is whether the paragraph is not indented at all or,
+ when inside a list, whether a paragraph is more or less indented than the
+ first item of the list (more about this later).
+
++-------------------------------------------------------+
+ First paragraph has its first line indented by four
+spaces. Then the author did even bother to indent the
+other lines of the paragraph.
+
+ Second paragraph contains several lines which are all
+ indented by two spaces. This style is much nicer than
+ the one used for the previous paragraph.
++-------------------------------------------------------+
+
+ Note that tabs are expanded with a tab width set to 8.
+
+* Document elements
+~~~~~~~~~~~~~~~~~~~
+
+** Block level elements
+~~~~~~~~~~~~~~~~~~~~~~~
+
+*** Title
+~~~~~~~~~~
+
+ A title is optional. If used, it must appear as the first block of the
+ document.
+
++----------------------------------------------------------------------------+
+ ------
+ Title
+ ------
+ Author
+ ------
+ Date
++----------------------------------------------------------------------------+
+
+ A title block is indented (centering it is nicer). It begins with a line
+ containing at least 3 dashes (<<<--->>>).
+
+ After the first <<<--->>> line, one or several consecutive lines of text
+ (implicit line break after each line) specify the title of the document.
+
+ This text may immediately be followed by another <<<--->>> line and one or
+ several consecutive lines of text which specifies the author of the
+ document.
+
+ The author sub-block may optionaly be followed by a date sub-block using the
+ same syntax.
+
+ The following example is used for a document with an title and a date but
+ with no declared author.
+
++----------------------------------------------------------------------------+
+ ------
+ Title
+ ------
+ ------
+ Date
+ ------
++----------------------------------------------------------------------------+
+
+ The last line is ignored. It is just there to make the block nicer.
+
+*** Paragraph
+~~~~~~~~~~~~~
+
+ Paragraphs other than the title block may appear before the first section.
+
++----------------------+
+ Paragraph 1, line 1.
+ Paragraph 1, line 2.
+
+ Paragraph 2, line 1.
+ Paragraph 2, line 2.
++----------------------+
+
+ Paragraphs are indented. They have already been described in the {{document
+ structure}} section.
+
+*** Section
+~~~~~~~~~~~
+
+ Sections are created by inserting section titles into the document. Simple
+ documents need not contain sections.
+
++-----------------------------------+
+Section title
+
+* Sub-section title
+
+** Sub-sub-section title
+
+*** Sub-sub-sub-section title
+
+**** Sub-sub-sub-sub-section title
++-----------------------------------+
+
+ Section titles are not indented. A sub-section title begins with one
+ asterisk (<<<*>>>), a sub-sub-section title begins with two asterisks
+ (<<<**>>>), and so forth up to four sub-section levels.
+
+*** List
+~~~~~~~~
+
++---------------------------------------+
+ * List item 1.
+
+ * List item 2.
+
+ Paragraph contained in list item 2.
+
+ * Sub-list item 1.
+
+ * Sub-list item 2.
+
+ * List item 3.
++---------------------------------------+
+
+ List items are indented and begin with a asterisk (<<<*>>>).
+
+ Plain paragraphs more indented than the first list item are nested in that
+ list. Displays such as tables (not indented) are always nested in the
+ current list.
+
+ To nest a list inside a list, indent its first item more than its parent
+ list. To end a list, add a paragraph or list item less indented than the
+ current list.
+
+ Section titles always end a list. Displays cannot end a list but the
+ <<<[]>>> pseudo-element may be used to force the end of a list.
+
++------------------------------------+
+ * List item 3.
+ Force end of list:
+
+ []
+
+--------------------------------------------
+Verbatim text not contained in list item 3
+--------------------------------------------
++------------------------------------+
+
+ In the previous example, without the <<<[]>>>, the verbatim text (not
+ indented as all displays) would have been contained in list item 3.
+
+ A single <<<[]>>> may be used to end several nested lists at the same
+ time. The indentation of <<<[]>>> may be used to specify exactly which
+ lists should be ended. Example:
+
++------------------------------------+
+ * List item 1.
+
+ * List item 2.
+
+ * Sub-list item 1.
+
+ * Sub-list item 2.
+
+ []
+
+-------------------------------------------------------------------
+Verbatim text contained in list item 2, but not in sub-list item 2
+-------------------------------------------------------------------
++------------------------------------+
+
+ There are three kind of lists, the bulleted lists we have already described,
+ the numbered lists and the definition lists.
+
++-----------------------------------------+
+ [[1]] Numbered item 1.
+
+ [[A]] Numbered item A.
+
+ [[B]] Numbered item B.
+
+ [[2]] Numbered item 2.
++-----------------------------------------+
+
+ A numbered list item begins with a label beetween two square brackets. The
+ label of the first item establishes the numbering scheme for the whole list:
+
+ [<<<[[1\]\]>>>] Decimal numbering: 1, 2, 3, 4, etc.
+
+ [<<<[[a\]\]>>>] Lower-alpha numbering: a, b, c, d, etc.
+
+ [<<<[[A\]\]>>>] Upper-alpha numbering: A, B, C, D, etc.
+
+ [<<<[[i\]\]>>>] Lower-roman numbering: i, ii, iii, iv, etc.
+
+ [<<<[[I\]\]>>>] Upper-roman numbering: I, II, III, IV, etc.
+
+ The labels of the items other than the first one are ignored. It is
+ recommended to take the time to type the correct label for each item in
+ order to keep the APT source document readable.
+
++-------------------------------------------+
+ [Defined term 1] of definition list 2.
+
+ [Defined term 2] of definition list 2.
++-------------------------------------------+
+
+ A definition list item begins with a defined term: text between square
+ brackets.
+
+*** Verbatim text
+~~~~~~~~~~~~~~~~~
+
++----------------------------------------+
+----------------------------------------
+Verbatim
+ text,
+ preformatted,
+ escaped.
+----------------------------------------
++----------------------------------------+
+
+ A verbatim block is not indented. It begins with a non indented line
+ containing at least 3 dashes (<<<--->>>). It ends with a similar line.
+
+ <<<+-->>> instead of <<<--->>> draws a box around verbatim text.
+
+ Like in HTML, verbatim text is preformatted. Unlike HTML, verbatim text is
+ escaped: inside a verbatim display, markup is not interpreted by the APT
+ processor.
+
+*** Figure
+~~~~~~~~~~
+
++---------------------------+
+[Figure name] Figure caption
++---------------------------+
+
+ A figure block is not indented. It begins with the figure name between
+ square brackets. The figure name is optionally followed by some text: the
+ figure caption.
+
+ The figure name is the pathname of the file containing the figure but
+ without an extension. Example: if your figure is contained in
+ <<</home/joe/docs/mylogo.jpeg>>>, the figure name is
+ <<</home/joe/docs/mylogo>>>.
+
+ If the figure name comes from a relative pathname (recommended practice)
+ rather than from an absolute pathname, this relative pathname is taken to be
+ relative to the directory of the current APT document (a la HTML)
+ rather than relative to the current working directory.
+
+ Why not leave the file extension in the figure name? This is better
+ explained by an example. You need to convert an APT document to PostScript
+ and your figure name is <<</home/joe/docs/mylogo>>>. A APT processor will
+ first try to load <<</home/joe/docs/mylogo.eps>>>. When the desired format
+ is not found, a APT processor tries to convert one of the existing
+ formats. In our example, the APT processor tries to convert
+ <<</home/joe/docs/mylogo.jpeg>>> to encapsulated PostScript.
+
+*** Table
+~~~~~~~~~
+
+ A table block is not indented. It begins with a non indented line containing
+ an asterisk and at least 2 dashes (<<<*-->>>). It ends with a
+ similar line.
+
+ The first line is not only used to recognize a table but also to specify
+ column justification. In the following example,
+
+ * the second asterisk (<<<*>>>) is used to specify that column 1 is
+ centered,
+
+ * the plus sign (<<<+>>>) specifies that column 2 is left aligned,
+
+ * the colon (<<<:>>>) specifies that column 3 is right aligned.
+
+ []
+
++---------------------------------------------+
+*----------*--------------+----------------:
+| Centered | Left-aligned | Right-aligned |
+| cell 1,1 | cell 1,2 | cell 1,3 |
+*----------*--------------+----------------:
+| cell 2,1 | cell 2,2 | cell 2,3 |
+*----------*--------------+----------------:
+Table caption
++---------------------------------------------+
+
+ Rows are separated by a non indented line beginning with <<<*-->>>.
+
+ An optional table caption (non indented text) may immediately follow the
+ table.
+
+ Rows may contain single line or multiple line cells. Each line of cell text
+ is separated from the adjacent cell by the pipe character (<<<|>>>).
+ (<<<|>>> may be used in the cell text if quoted: <<<\\|>>>.)
+
+ The last <<<|>>> is only used to make the table nicer. The first <<<|>>> is
+ not only used to make the table nicer, but also to specify that a grid is to
+ be drawn around table cells.
+
+ The following example shows a simple table with no grid and no caption.
+
++---------------+
+*-----*------*
+ cell | cell
+*-----*------*
+ cell | cell
+*-----*------*
++---------------+
+
+*** Horizontal rule
+~~~~~~~~~~~~~~~~~~~
+
++---------------------+
+=====================
++---------------------+
+
+ A non indented line containing at least 3 equal signs (<<<===>>>).
+
+*** Page break
+~~~~~~~~~~~~~~
+
++---+
+^L
++---+
+
+ A non indented line containing a single form feed character (Control-L).
+
+** Text level elements
+~~~~~~~~~~~~~~~~~~~~~~
+
+*** Font
+~~~~~~~~
+
++-----------------------------------------------------+
+ <Italic> font. <<Bold>> font. <<<Monospaced>>> font.
++-----------------------------------------------------+
+
+ Text between \< and > must be rendered in italic. Text between \<\< and >>
+ must be rendered in bold. Text between \<\<\< and >>> must be rendered using
+ a monospaced, typewriter-like font.
+
+ Font elements may appear anywhere except inside other font elements.
+
+ It is not recommended to use font elements inside titles, section titles,
+ links and defined terms because a APT processor automatically applies
+ appropriate font styles to these elements.
+
+*** Anchor and link
+~~~~~~~~~~~~~~~~~~~
+
++-----------------------------------------------------------------+
+ {Anchor}. Link to {{anchor}}. Link to {{http://www.pixware.fr}}.
+ Link to {{{anchor}showing alternate text}}.
+ Link to {{{http://www.pixware.fr}Pixware home page}}.
++-----------------------------------------------------------------+
+
+ Text between curly braces (<<<\{}>>>) specifies an anchor. Text between
+ double curly braces (<<<\{\{}}>>>) specifies a link.
+
+ It is an error to create a link element that does not refer to an anchor of
+ the same name. The name of an anchor/link is its text with all non
+ alphanumeric characters stripped.
+
+ This rule does not apply to links to <external> anchors. Text beginning
+ with <<<http:/>>>, <<<https:/>>>, <<<ftp:/>>>, <<<file:/>>>, <<<mailto:>>>,
+ <<<../>>>, <<<./>>> (<<<..\\>>> and <<<.\\>>> on Windows) is recognized as
+ an external anchor name.
+
+ When the construct <<\{\{\{>><name><<}>><text><<}}>> is used, the link text
+ <text> may differ from the link name <name>.
+
+ Anchor/link elements may appear anywhere except inside other anchor/link
+ elements.
+
+ Section titles are implicitly defined anchors.
+
+*** Line break
+~~~~~~~~~~~~~~
+
++-------------+
+ Force line\
+ break.
++-------------+
+
+ A backslash character (<<<\\>>>) followed by a newline character.
+
+ Line breaks must not be used inside titles and tables (which are line
+ oriented blocks with implicit line breaks).
+
+*** Non breaking space
+~~~~~~~~~~~~~~~~~~~~~~
+
++----------------------+
+ Non\ breaking\ space.
++----------------------+
+
+ A backslash character (<<<\\>>>) followed by a space character.
+
+*** Special character
+~~~~~~~~~~~~~~~~~~~~~
+
++---------------------------------------------------------------------------+
+ Escaped special characters: \~, \=, \-, \+, \*, \[, \], \<, \>, \{, \}, \\.
++---------------------------------------------------------------------------+
+
+ In certain contexts, these characters have a special meaning and therefore
+ must be escaped if needed as is. They are escaped by adding a backslash in
+ front of them. The backslash may itself be escaped by adding another
+ backslash in front of it.
+
+ Note that an asterisk, for example, needs to be escaped only if its begins a
+ paragraph. (<<<*>>> has no special meaning in the middle of a paragraph.)
+
++--------------------------------------+
+ Copyright symbol: \251, \xA9, \u00a9.
++--------------------------------------+
+
+ Latin-1 characters (whatever is the encoding of the APT document) may be
+ specified by their codes using a backslash followed by one to three octal
+ digits or by using the <<<\x>>><NN> notation, where <NN> are two hexadecimal
+ digits.
+
+ Unicode characters may be specified by their codes using the <<<\u>>><NNNN>
+ notation, where <NNNN> are four hexadecimal digits.
+
+*** Comment
+~~~~~~~~~~~
+
++---------------+
+~~Commented out.
++---------------+
+
+ Text found after two tildes (<<<\~~>>>) is ignored up to the end of line.
+
+ A line of <<<~>>> is often used to ``underline'' section titles in order to
+ make them stand out of other paragraphs.
+
+
+* The APT format at a glance
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+------------------------------------------------------------------------------
+ ------
+ Title
+ ------
+ Author
+ ------
+ Date
+
+ Paragraph 1, line 1.
+ Paragraph 1, line 2.
+
+ Paragraph 2, line 1.
+ Paragraph 2, line 2.
+
+Section title
+
+* Sub-section title
+
+** Sub-sub-section title
+
+*** Sub-sub-sub-section title
+
+**** Sub-sub-sub-sub-section title
+
+ * List item 1.
+
+ * List item 2.
+
+ Paragraph contained in list item 2.
+
+ * Sub-list item 1.
+
+ * Sub-list item 2.
+
+ * List item 3.
+ Force end of list:
+
+ []
+
++------------------------------------------+
+Verbatim text not contained in list item 3
++------------------------------------------+
+
+ [[1]] Numbered item 1.
+
+ [[A]] Numbered item A.
+
+ [[B]] Numbered item B.
+
+ [[2]] Numbered item 2.
+
+ List numbering schemes: [[1]], [[a]], [[A]], [[i]], [[I]].
+
+ [Defined term 1] of definition list.
+
+ [Defined term 2] of definition list.
+
++-------------------------------+
+Verbatim text
+ in a box
++-------------------------------+
+
+ --- instead of +-- suppresses the box around verbatim text.
+
+[Figure name] Figure caption
+
+*----------*--------------+----------------:
+| Centered | Left-aligned | Right-aligned |
+| cell 1,1 | cell 1,2 | cell 1,3 |
+*----------*--------------+----------------:
+| cell 2,1 | cell 2,2 | cell 2,3 |
+*----------*--------------+----------------:
+Table caption
+
+ No grid, no caption:
+
+*-----*------*
+ cell | cell
+*-----*------*
+ cell | cell
+*-----*------*
+
+ Horizontal line:
+
+=======================================================================
+
+^L
+ New page.
+
+ <Italic> font. <<Bold>> font. <<<Monospaced>>> font.
+
+ {Anchor}. Link to {{anchor}}. Link to {{http://www.pixware.fr}}.
+ Link to {{{anchor}showing alternate text}}.
+ Link to {{{http://www.pixware.fr}Pixware home page}}.
+
+ Force line\
+ break.
+
+ Non\ breaking\ space.
+
+ Escaped special characters: \~, \=, \-, \+, \*, \[, \], \<, \>, \{, \}, \\.
+
+ Copyright symbol: \251, \xA9, \u00a9.
+
+~~Commented out.
+
+------------------------------------------------------------------------------
+
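Review bot: This file is a general reference for the APT markup syntax, credited in its title block to "The Maven Team", and nothing in its 602 lines describes rs-manual, although the log message calls the commit an import of the rs-manual documentation. If it is leftover sample content it should be left out of the import, so it is not published as part of the manual. If it is kept on purpose as an authoring aid, a few slips in the text are worth fixing: "Then the author did even bother to indent" (missing "not"), "optionaly", "beetween", "a ordered list" and "a APT processor".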
Added: rs-manual/trunk/src/site/apt/index.apt
==============================================================================
--- rs-manual/trunk/src/site/apt/index.apt (added)
+++ rs-manual/trunk/src/site/apt/index.apt Sun Sep 1 12:16:07 2019
@@ -0,0 +1,16 @@
+ -----
+ The Site
+ -----
+ The Maven Team
+ -----
+
+Maven Site for your project
+
+ Congratulations! If you are looking at this page then you have successfully generated a
+ template site employing the site archetype and you have run:
+
++-----+
+
+mvn site
+
++-----+
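Review bot: The body of index.apt is still the welcome text for a freshly generated site ("Congratulations! If you are looking at this page then you have successfully generated a template site employing the site archetype"), with the author given as "The Maven Team". As committed, the landing page of the manual would tell readers nothing about the project. Suggest replacing it with a short introduction that links to the module pages added under src/site/xhtml5/ (mod_ca, mod_crl, mod_csr, mod_ocsp, mod_pkcs12, mod_scep, mod_spkac), or removing the file if another index is intended.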
Added: rs-manual/trunk/src/site/docbook/mod_spkac-test.xml
==============================================================================
--- rs-manual/trunk/src/site/docbook/mod_spkac-test.xml (added)
+++ rs-manual/trunk/src/site/docbook/mod_spkac-test.xml Sun Sep 1 12:16:07 2019
@@ -0,0 +1,192 @@
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN">
+<article>
+
+<section>
+<title>The Top</title>
+<para>The opening sentence.
+</para>
+</section>
+
+<section>
+<title>The Month of May</title>
+<subtitle>Sub title</subtitle>
+<para>
+My summer vacation started on May 14th, right after graduation. Being a
+new, unemployed, and highly-debt-ridden university graduate, I decided
+that I should probably get a job. I spent the vast majority of May
+padding my resume with all sorts of impressive-sounding yet terribly
+obscure skills and accomplishments, and sending those out to any company
+whose name appeared in the phone book.
+</para>
+
+
+<sidebar>This is a sidebar</sidebar>
+
+
+<figure>
+ <title>Sample</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/sample.jpg" format="JPG"/>
+ </imageobject>
+ </mediaobject>
+</figure>
+
+<table frame='all'><title>Sample Table</title>
+<tgroup cols='5' align='left' colsep='1' rowsep='1'>
+<colspec colname='c1'/>
+<colspec colname='c2'/>
+<colspec colname='c3'/>
+<colspec colnum='5' colname='c5'/>
+<thead>
+<row>
+ <entry namest="c1" nameend="c2" align="center">Horizontal Span</entry>
+ <entry>a3</entry>
+ <entry>a4</entry>
+ <entry>a5</entry>
+</row>
+</thead>
+<tfoot>
+<row>
+ <entry>f1</entry>
+ <entry>f2</entry>
+ <entry>f3</entry>
+ <entry>f4</entry>
+ <entry>f5</entry>
+</row>
+</tfoot>
+<tbody>
+<row>
+ <entry>b1</entry>
+ <entry>b2</entry>
+ <entry>b3</entry>
+ <entry>b4</entry>
+ <entry morerows='1' valign='middle'><para> <!-- Pernicous Mixed Content -->
+ Vertical Span</para></entry>
+</row>
+<row>
+ <entry>c1</entry>
+ <entry namest="c2" nameend="c3" align='center' morerows='1' valign='bottom'>Span Both</entry>
+ <entry>c4</entry>
+</row>
+<row>
+ <entry>d1</entry>
+ <entry>d4</entry>
+ <entry>d5</entry>
+</row>
+</tbody>
+</tgroup>
+</table>
+
+
+
+
+<example><title>A DSSSL Function</title>
+<programlisting>
+(define (node-list-filter-by-gi nodelist gilist)
+ ;; Returns the node-list that contains every element of the original
+ ;; nodelist whose gi is in gilist
+ (let loop ((result (empty-node-list)) (nl nodelist))
+ (if (node-list-empty? nl)
+ result
+ (if (member (gi (node-list-first nl)) gilist)
+ (loop (node-list result (node-list-first nl))
+ (node-list-rest nl))
+ (loop result (node-list-rest nl))))))
+</programlisting>
+</example>
+
+
+
+
+</section>
+
+<section>
+<sectioninfo>
+<title>Foo Directive</title>
+</sectioninfo>
+<table frame='all'>
+<tgroup cols='2' align='left' colsep='1' rowsep='1'>
+<tbody>
+<row>
+ <entry>Description</entry>
+ <entry>Foo</entry>
+</row>
+<row>
+ <entry>Syntax</entry>
+ <entry>Foo</entry>
+</row>
+<row>
+ <entry>Default</entry>
+ <entry>Foo</entry>
+</row>
+<row>
+ <entry>Context</entry>
+ <entry>Foo</entry>
+</row>
+<row>
+ <entry>Status</entry>
+ <entry>Foo</entry>
+</row>
+<row>
+ <entry>Module</entry>
+ <entry>Foo</entry>
+</row>
+<row>
+ <entry>Compatibility</entry>
+ <entry>Foo</entry>
+</row>
+</tbody>
+</tgroup>
+</table>
+
+
+
+<variablelist><title>Font Filename Extensions</title>
+<varlistentry><term><filename>TTF</filename></term>
+<listitem>
+<para>
+TrueType fonts.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry><term><filename>PFA</filename></term>
+ <term><filename>PFB</filename></term>
+<listitem>
+<para>
+PostScript fonts. <filename>PFA</filename> files are common on
+<acronym>UNIX</acronym> systems, <filename>PFB</filename> files
+are more common on Windows systems.
+</para>
+</listitem>
+</varlistentry>
+</variablelist>
+
+
+
+<itemizedlist mark='opencircle'>
+<listitem>
+<para>
+TeX and LaTeX
+</para>
+</listitem>
+<listitem override='bullet'>
+<para>
+Troff
+</para>
+</listitem>
+<listitem>
+<para>
+Lout
+</para>
+</listitem>
+</itemizedlist>
+
+
+
+
+</section>
+
+
+</article>
+
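Review bot: The file name says mod_spkac-test.xml, but the content is unrelated sample DocBook: a "Month of May" vacation paragraph, a DSSSL function listing, font filename extensions, and a "Foo Directive" table in which every value is the literal "Foo". The <imagedata fileref="images/sample.jpg" format="JPG"/> reference also points at an image that is not among the files this revision adds under src/site/resources/images/, so the figure would render broken. If this is only a scratch file for testing DocBook rendering, consider keeping it out of the published site sources or renaming it so it cannot be mistaken for the mod_spkac documentation; otherwise the directive table needs real Description/Syntax/Default/Context/Status/Module/Compatibility values. Minor: the comment "Pernicous Mixed Content" is misspelled.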
Added: rs-manual/trunk/src/site/fml/faq.fml
==============================================================================
--- rs-manual/trunk/src/site/fml/faq.fml (added)
+++ rs-manual/trunk/src/site/fml/faq.fml Sun Sep 1 12:16:07 2019
@@ -0,0 +1,27 @@
+<?xml version="1.0"?>
+<faqs xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/FML/1.0"
+ xsi:schemaLocation="http://maven.apache.org/FML/1.0 http://maven.apache.org/xsd/fml-1.0.xsd"
+ id="General FAQ">
+ <part id="General">
+ <faq id="where">
+ <question>Where did Maven come from?</question>
+ <answer>
+ <p>
+ Maven was created by a group of software developers who were tired
+ of wasting their time fiddling around with builds and wanted to get
+ down to brass tacks and actually develop software!
+ </p>
+ </answer>
+ </faq>
+ <faq id="why">
+ <question>Why is Maven so wildly popular?</question>
+ <answer>
+ <p>
+ Maven saves you so much time in your software development efforts that
+ you will have time to learn a second language, relax ten hours a
+ day, and train for that marathon you've always wanted to run!
+ </p>
+ </answer>
+ </faq>
+ </part>
+</faqs>
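Review bot: Both entries in this FAQ ("Where did Maven come from?" and "Why is Maven so wildly popular?") are about the build tool, not about the software the manual documents, so the generated FAQ page would be misleading for readers. Suggest either replacing the two <faq> elements with questions about the project or leaving faq.fml out until there is real content for it.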
Added: rs-manual/trunk/src/site/fr/apt/format.apt
==============================================================================
--- rs-manual/trunk/src/site/fr/apt/format.apt (added)
+++ rs-manual/trunk/src/site/fr/apt/format.apt Sun Sep 1 12:16:07 2019
@@ -0,0 +1,602 @@
+ -----
+ Le format APT
+ -----
+ L'équipe Maven
+ -----
+ -----
+
+Le format APT
+~~~~~~~~~~~~~
+
+ Dans la section suivante, les boîtes contenant du texte dans la police
+ de type machine à écrire sont des exemples de source APT.
+
+* Structure du document
+~~~~~~~~~~~~~~~~~~~~~~~
+
+ A short APT document is contained in a single text file. A longer document
+ may be contained in a ordered list of text files. For instance, first text
+ file contains section 1, second text file contains section 2, and so on.
+
+ [Note:] Splitting the APT document in several text files on a section
+ boundary is not mandatory. The split may occur anywhere.
+ However doing so is recommended because a text file containing a
+ section is by itself a valid APT document.
+
+ A file contains a sequence of paragraphs and ``displays'' (non paragraphs
+ such as tables) separated by open lines.
+
+ A paragraph is simply a sequence of consecutive text lines.
+
++------------------------------------------------------------------------+
+ First line of first paragraph.
+ Second line of first paragraph.
+ Third line of first paragraph.
+
+ Line 1 of paragraph 2 (separated from first paragraph by an open line).
+ Line 2 of paragraph 2.
++------------------------------------------------------------------------+
+
+ The indentation of the first line of a paragraph is the main method used by
+ an APT processor to recognize the type of the paragraph. For example, a
+ section title must not be indented at all.
+
+ A ``plain'' paragraph must be indented by a certain amount of space. For
+ example, a plain paragraph which is not contained in a list may be indented
+ by two spaces.
+
++-------------------------------------------------+
+My section title (not indented).
+
+ My paragraph first line (indented by 2 spaces).
++-------------------------------------------------+
+
+ Indentation is not rigid. Any amount of space will do. You don't even need
+ to use a consistent indentation all over your document. What really matters
+ for an APT processor is whether the paragraph is not indented at all or,
+ when inside a list, whether a paragraph is more or less indented than the
+ first item of the list (more about this later).
+
++-------------------------------------------------------+
+ First paragraph has its first line indented by four
+spaces. Then the author did even bother to indent the
+other lines of the paragraph.
+
+ Second paragraph contains several lines which are all
+ indented by two spaces. This style is much nicer than
+ the one used for the previous paragraph.
++-------------------------------------------------------+
+
+ Note that tabs are expanded with a tab width set to 8.
+
+* Document elements
+~~~~~~~~~~~~~~~~~~~
+
+** Block level elements
+~~~~~~~~~~~~~~~~~~~~~~~
+
+*** Title
+~~~~~~~~~~
+
+ A title is optional. If used, it must appear as the first block of the
+ document.
+
++----------------------------------------------------------------------------+
+ ------
+ Title
+ ------
+ Author
+ ------
+ Date
++----------------------------------------------------------------------------+
+
+ A title block is indented (centering it is nicer). It begins with a line
+ containing at least 3 dashes (<<<--->>>).
+
+ After the first <<<--->>> line, one or several consecutive lines of text
+ (implicit line break after each line) specify the title of the document.
+
+ This text may immediately be followed by another <<<--->>> line and one or
+ several consecutive lines of text which specifies the author of the
+ document.
+
+ The author sub-block may optionaly be followed by a date sub-block using the
+ same syntax.
+
+ The following example is used for a document with an title and a date but
+ with no declared author.
+
++----------------------------------------------------------------------------+
+ ------
+ Title
+ ------
+ ------
+ Date
+ ------
++----------------------------------------------------------------------------+
+
+ The last line is ignored. It is just there to make the block nicer.
+
+*** Paragraph
+~~~~~~~~~~~~~
+
+ Paragraphs other than the title block may appear before the first section.
+
++----------------------+
+ Paragraph 1, line 1.
+ Paragraph 1, line 2.
+
+ Paragraph 2, line 1.
+ Paragraph 2, line 2.
++----------------------+
+
+ Paragraphs are indented. They have already been described in the {{document
+ structure}} section.
+
+*** Section
+~~~~~~~~~~~
+
+ Sections are created by inserting section titles into the document. Simple
+ documents need not contain sections.
+
++-----------------------------------+
+Section title
+
+* Sub-section title
+
+** Sub-sub-section title
+
+*** Sub-sub-sub-section title
+
+**** Sub-sub-sub-sub-section title
++-----------------------------------+
+
+ Section titles are not indented. A sub-section title begins with one
+ asterisk (<<<*>>>), a sub-sub-section title begins with two asterisks
+ (<<<**>>>), and so forth up to four sub-section levels.
+
+*** List
+~~~~~~~~
+
++---------------------------------------+
+ * List item 1.
+
+ * List item 2.
+
+ Paragraph contained in list item 2.
+
+ * Sub-list item 1.
+
+ * Sub-list item 2.
+
+ * List item 3.
++---------------------------------------+
+
+ List items are indented and begin with a asterisk (<<<*>>>).
+
+ Plain paragraphs more indented than the first list item are nested in that
+ list. Displays such as tables (not indented) are always nested in the
+ current list.
+
+ To nest a list inside a list, indent its first item more than its parent
+ list. To end a list, add a paragraph or list item less indented than the
+ current list.
+
+ Section titles always end a list. Displays cannot end a list but the
+ <<<[]>>> pseudo-element may be used to force the end of a list.
+
++------------------------------------+
+ * List item 3.
+ Force end of list:
+
+ []
+
+--------------------------------------------
+Verbatim text not contained in list item 3
+--------------------------------------------
++------------------------------------+
+
+ In the previous example, without the <<<[]>>>, the verbatim text (not
+ indented as all displays) would have been contained in list item 3.
+
+ A single <<<[]>>> may be used to end several nested lists at the same
+ time. The indentation of <<<[]>>> may be used to specify exactly which
+ lists should be ended. Example:
+
++------------------------------------+
+ * List item 1.
+
+ * List item 2.
+
+ * Sub-list item 1.
+
+ * Sub-list item 2.
+
+ []
+
+-------------------------------------------------------------------
+Verbatim text contained in list item 2, but not in sub-list item 2
+-------------------------------------------------------------------
++------------------------------------+
+
+ There are three kind of lists, the bulleted lists we have already described,
+ the numbered lists and the definition lists.
+
++-----------------------------------------+
+ [[1]] Numbered item 1.
+
+ [[A]] Numbered item A.
+
+ [[B]] Numbered item B.
+
+ [[2]] Numbered item 2.
++-----------------------------------------+
+
+ A numbered list item begins with a label beetween two square brackets. The
+ label of the first item establishes the numbering scheme for the whole list:
+
+ [<<<[[1\]\]>>>] Decimal numbering: 1, 2, 3, 4, etc.
+
+ [<<<[[a\]\]>>>] Lower-alpha numbering: a, b, c, d, etc.
+
+ [<<<[[A\]\]>>>] Upper-alpha numbering: A, B, C, D, etc.
+
+ [<<<[[i\]\]>>>] Lower-roman numbering: i, ii, iii, iv, etc.
+
+ [<<<[[I\]\]>>>] Upper-roman numbering: I, II, III, IV, etc.
+
+ The labels of the items other than the first one are ignored. It is
+ recommended to take the time to type the correct label for each item in
+ order to keep the APT source document readable.
+
++-------------------------------------------+
+ [Defined term 1] of definition list 2.
+
+ [Defined term 2] of definition list 2.
++-------------------------------------------+
+
+ A definition list item begins with a defined term: text between square
+ brackets.
+
+*** Verbatim text
+~~~~~~~~~~~~~~~~~
+
++----------------------------------------+
+----------------------------------------
+Verbatim
+ text,
+ preformatted,
+ escaped.
+----------------------------------------
++----------------------------------------+
+
+ A verbatim block is not indented. It begins with a non indented line
+ containing at least 3 dashes (<<<--->>>). It ends with a similar line.
+
+ <<<+-->>> instead of <<<--->>> draws a box around verbatim text.
+
+ Like in HTML, verbatim text is preformatted. Unlike HTML, verbatim text is
+ escaped: inside a verbatim display, markup is not interpreted by the APT
+ processor.
+
+*** Figure
+~~~~~~~~~~
+
++---------------------------+
+[Figure name] Figure caption
++---------------------------+
+
+ A figure block is not indented. It begins with the figure name between
+ square brackets. The figure name is optionally followed by some text: the
+ figure caption.
+
+ The figure name is the pathname of the file containing the figure but
+ without an extension. Example: if your figure is contained in
+ <<</home/joe/docs/mylogo.jpeg>>>, the figure name is
+ <<</home/joe/docs/mylogo>>>.
+
+ If the figure name comes from a relative pathname (recommended practice)
+ rather than from an absolute pathname, this relative pathname is taken to be
+ relative to the directory of the current APT document (a la HTML)
+ rather than relative to the current working directory.
+
+ Why not leave the file extension in the figure name? This is better
+ explained by an example. You need to convert an APT document to PostScript
+ and your figure name is <<</home/joe/docs/mylogo>>>. A APT processor will
+ first try to load <<</home/joe/docs/mylogo.eps>>>. When the desired format
+ is not found, a APT processor tries to convert one of the existing
+ formats. In our example, the APT processor tries to convert
+ <<</home/joe/docs/mylogo.jpeg>>> to encapsulated PostScript.
+
+*** Table
+~~~~~~~~~
+
+ A table block is not indented. It begins with a non indented line containing
+ an asterisk and at least 2 dashes (<<<*-->>>). It ends with a
+ similar line.
+
+ The first line is not only used to recognize a table but also to specify
+ column justification. In the following example,
+
+ * the second asterisk (<<<*>>>) is used to specify that column 1 is
+ centered,
+
+ * the plus sign (<<<+>>>) specifies that column 2 is left aligned,
+
+ * the colon (<<<:>>>) specifies that column 3 is right aligned.
+
+ []
+
++---------------------------------------------+
+*----------*--------------+----------------:
+| Centered | Left-aligned | Right-aligned |
+| cell 1,1 | cell 1,2 | cell 1,3 |
+*----------*--------------+----------------:
+| cell 2,1 | cell 2,2 | cell 2,3 |
+*----------*--------------+----------------:
+Table caption
++---------------------------------------------+
+
+ Rows are separated by a non indented line beginning with <<<*-->>>.
+
+ An optional table caption (non indented text) may immediately follow the
+ table.
+
+ Rows may contain single line or multiple line cells. Each line of cell text
+ is separated from the adjacent cell by the pipe character (<<<|>>>).
+ (<<<|>>> may be used in the cell text if quoted: <<<\\|>>>.)
+
+ The last <<<|>>> is only used to make the table nicer. The first <<<|>>> is
+ not only used to make the table nicer, but also to specify that a grid is to
+ be drawn around table cells.
+
+ The following example shows a simple table with no grid and no caption.
+
++---------------+
+*-----*------*
+ cell | cell
+*-----*------*
+ cell | cell
+*-----*------*
++---------------+
+
+*** Horizontal rule
+~~~~~~~~~~~~~~~~~~~
+
++---------------------+
+=====================
++---------------------+
+
+ A non indented line containing at least 3 equal signs (<<<===>>>).
+
+*** Page break
+~~~~~~~~~~~~~~
+
++---+
+^L
++---+
+
+ A non indented line containing a single form feed character (Control-L).
+
+** Text level elements
+~~~~~~~~~~~~~~~~~~~~~~
+
+*** Font
+~~~~~~~~
+
++-----------------------------------------------------+
+ <Italic> font. <<Bold>> font. <<<Monospaced>>> font.
++-----------------------------------------------------+
+
+ Text between \< and > must be rendered in italic. Text between \<\< and >>
+ must be rendered in bold. Text between \<\<\< and >>> must be rendered using
+ a monospaced, typewriter-like font.
+
+ Font elements may appear anywhere except inside other font elements.
+
+ It is not recommended to use font elements inside titles, section titles,
+ links and defined terms because a APT processor automatically applies
+ appropriate font styles to these elements.
+
+*** Anchor and link
+~~~~~~~~~~~~~~~~~~~
+
++-----------------------------------------------------------------+
+ {Anchor}. Link to {{anchor}}. Link to {{http://www.pixware.fr}}.
+ Link to {{{anchor}showing alternate text}}.
+ Link to {{{http://www.pixware.fr}Pixware home page}}.
++-----------------------------------------------------------------+
+
+ Text between curly braces (<<<\{}>>>) specifies an anchor. Text between
+ double curly braces (<<<\{\{}}>>>) specifies a link.
+
+ It is an error to create a link element that does not refer to an anchor of
+ the same name. The name of an anchor/link is its text with all non
+ alphanumeric characters stripped.
+
+ This rule does not apply to links to <external> anchors. Text beginning
+ with <<<http:/>>>, <<<https:/>>>, <<<ftp:/>>>, <<<file:/>>>, <<<mailto:>>>,
+ <<<../>>>, <<<./>>> (<<<..\\>>> and <<<.\\>>> on Windows) is recognized as
+ an external anchor name.
+
+ When the construct <<\{\{\{>><name><<}>><text><<}}>> is used, the link text
+ <text> may differ from the link name <name>.
+
+ Anchor/link elements may appear anywhere except inside other anchor/link
+ elements.
+
+ Section titles are implicitly defined anchors.
+
+*** Line break
+~~~~~~~~~~~~~~
+
++-------------+
+ Force line\
+ break.
++-------------+
+
+ A backslash character (<<<\\>>>) followed by a newline character.
+
+ Line breaks must not be used inside titles and tables (which are line
+ oriented blocks with implicit line breaks).
+
+*** Non breaking space
+~~~~~~~~~~~~~~~~~~~~~~
+
++----------------------+
+ Non\ breaking\ space.
++----------------------+
+
+ A backslash character (<<<\\>>>) followed by a space character.
+
+*** Special character
+~~~~~~~~~~~~~~~~~~~~~
+
++---------------------------------------------------------------------------+
+ Escaped special characters: \~, \=, \-, \+, \*, \[, \], \<, \>, \{, \}, \\.
++---------------------------------------------------------------------------+
+
+ In certain contexts, these characters have a special meaning and therefore
+ must be escaped if needed as is. They are escaped by adding a backslash in
+ front of them. The backslash may itself be escaped by adding another
+ backslash in front of it.
+
+ Note that an asterisk, for example, needs to be escaped only if its begins a
+ paragraph. (<<<*>>> has no special meaning in the middle of a paragraph.)
+
++--------------------------------------+
+ Copyright symbol: \251, \xA9, \u00a9.
++--------------------------------------+
+
+ Latin-1 characters (whatever is the encoding of the APT document) may be
+ specified by their codes using a backslash followed by one to three octal
+ digits or by using the <<<\x>>><NN> notation, where <NN> are two hexadecimal
+ digits.
+
+ Unicode characters may be specified by their codes using the <<<\u>>><NNNN>
+ notation, where <NNNN> are four hexadecimal digits.
+
+*** Comment
+~~~~~~~~~~~
+
++---------------+
+~~Commented out.
++---------------+
+
+ Text found after two tildes (<<<\~~>>>) is ignored up to the end of line.
+
+ A line of <<<~>>> is often used to ``underline'' section titles in order to
+ make them stand out of other paragraphs.
+
+
+* The APT format at a glance
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+------------------------------------------------------------------------------
+ ------
+ Title
+ ------
+ Author
+ ------
+ Date
+
+ Paragraph 1, line 1.
+ Paragraph 1, line 2.
+
+ Paragraph 2, line 1.
+ Paragraph 2, line 2.
+
+Section title
+
+* Sub-section title
+
+** Sub-sub-section title
+
+*** Sub-sub-sub-section title
+
+**** Sub-sub-sub-sub-section title
+
+ * List item 1.
+
+ * List item 2.
+
+ Paragraph contained in list item 2.
+
+ * Sub-list item 1.
+
+ * Sub-list item 2.
+
+ * List item 3.
+ Force end of list:
+
+ []
+
++------------------------------------------+
+Verbatim text not contained in list item 3
++------------------------------------------+
+
+ [[1]] Numbered item 1.
+
+ [[A]] Numbered item A.
+
+ [[B]] Numbered item B.
+
+ [[2]] Numbered item 2.
+
+ List numbering schemes: [[1]], [[a]], [[A]], [[i]], [[I]].
+
+ [Defined term 1] of definition list.
+
+ [Defined term 2] of definition list.
+
++-------------------------------+
+Verbatim text
+ in a box
++-------------------------------+
+
+ --- instead of +-- suppresses the box around verbatim text.
+
+[Figure name] Figure caption
+
+*----------*--------------+----------------:
+| Centered | Left-aligned | Right-aligned |
+| cell 1,1 | cell 1,2 | cell 1,3 |
+*----------*--------------+----------------:
+| cell 2,1 | cell 2,2 | cell 2,3 |
+*----------*--------------+----------------:
+Table caption
+
+ No grid, no caption:
+
+*-----*------*
+ cell | cell
+*-----*------*
+ cell | cell
+*-----*------*
+
+ Horizontal line:
+
+=======================================================================
+
+^L
+ New page.
+
+ <Italic> font. <<Bold>> font. <<<Monospaced>>> font.
+
+ {Anchor}. Link to {{anchor}}. Link to {{http://www.pixware.fr}}.
+ Link to {{{anchor}showing alternate text}}.
+ Link to {{{http://www.pixware.fr}Pixware home page}}.
+
+ Force line\
+ break.
+
+ Non\ breaking\ space.
+
+ Escaped special characters: \~, \=, \-, \+, \*, \[, \], \<, \>, \{, \}, \\.
+
+ Copyright symbol: \251, \xA9, \u00a9.
+
+~~Commented out.
+
+------------------------------------------------------------------------------
+
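Review bot: the boxed sample paragraph near the top of this section reads "Then the author did even bother to indent the other lines", which drops the "not" and inverts the meaning; it should read "did not even bother". Other typos to fix while here: "optionaly" and "an title" in the Title section, "beetween" in the numbered list description, "a asterisk" in the List section, and "only if its begins a paragraph" in the Special character section. The text as a whole is a generic APT format reference, with example links to http://www.pixware.fr, rather than Redwax Server documentation, so consider whether it belongs in the rs-manual at all.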
Added: rs-manual/trunk/src/site/fr/apt/index.apt
==============================================================================
--- rs-manual/trunk/src/site/fr/apt/index.apt (added)
+++ rs-manual/trunk/src/site/fr/apt/index.apt Sun Sep 1 12:16:07 2019
@@ -0,0 +1,17 @@
+ -----
+ Le Site
+ -----
+ L'équipe Maven
+ -----
+
+Site Maven pour votre projet
+
+ Félicitations! Si vous regardez cette page alors vous avez
+ généré avec succès un modèle de site en utilisant l'archétype
+ de site et vous avez lancé :
+
++-----+
+
+mvn site
+
++-----+
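Review bot: the title block ("Le Site" / "L'équipe Maven") and the body ("Site Maven pour votre projet", followed by mvn site) are placeholder text about having generated a site skeleton, not Redwax content. Replace it with a French landing page for the manual, or leave the file out until one exists.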
Added: rs-manual/trunk/src/site/fr/fml/faq.fml
==============================================================================
--- rs-manual/trunk/src/site/fr/fml/faq.fml (added)
+++ rs-manual/trunk/src/site/fr/fml/faq.fml Sun Sep 1 12:16:07 2019
@@ -0,0 +1,27 @@
+<?xml version="1.0"?>
+<faqs xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/FML/1.0"
+ xsi:schemaLocation="http://maven.apache.org/FML/1.0 http://maven.apache.org/xsd/fml-1.0.xsd"
+ id="FAQ Général">
+ <part id="General">
+ <faq id="where">
+ <question>D'où vient Maven ?</question>
+ <answer>
+ <p>
+ Maven was created by a group of software developers who were tired
+ of wasting their time fiddling around with builds and wanted to get
+ down to brass tacks and actually develop software!
+ </p>
+ </answer>
+ </faq>
+ <faq id="why">
+ <question>Pourquoi Maven est-il si populaire ?</question>
+ <answer>
+ <p>
+ Maven saves you so much time in your software development efforts that
+ you will have time to learn a second language, relax ten hours a
+ day, and train for that marathon you've always wanted to run!
+ </p>
+ </answer>
+ </faq>
+ </part>
+</faqs>
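Review bot: both <answer> bodies are in English although the questions in this file are French, so the page is only half translated, and the questions themselves are about Maven rather than Redwax Server. Translate the answers or replace the entries with real FAQ items. The id="FAQ Général" on <faqs> also contains a space and an accented character, unlike the plain ids used on <part> and <faq>; a simple ASCII id would be safer.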
Added: rs-manual/trunk/src/site/fr/xdoc/xdoc.xml
==============================================================================
--- rs-manual/trunk/src/site/fr/xdoc/xdoc.xml (added)
+++ rs-manual/trunk/src/site/fr/xdoc/xdoc.xml Sun Sep 1 12:16:07 2019
@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+<document xmlns="http://maven.apache.org/XDOC/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 http://maven.apache.org/xsd/xdoc-2.0.xsd">
+ <properties>
+ <title>Bienvenue</title>
+ <author email="dev at maven.apache.org">The Maven Team</author>
+ </properties>
+
+ <body>
+ <section name="Bienvenue dans un fichier XDOC!">
+ <p>
+ Ceci est du texte pour le fichier xdoc.
+ </p>
+ </section>
+ </body>
+</document>
+
Added: rs-manual/trunk/src/site/resources/images/candles-red.jpg
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/candles-red.jpg
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/menu-lines.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/menu-lines.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_crl.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_crl.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_csr.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_csr.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ocsp-1.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ocsp-1.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_pkcs12.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_pkcs12.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_scep-1.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_scep-1.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_scep-2.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_scep-2.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_scep-3.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_scep-3.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_spkac-1.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_spkac-1.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
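Review bot: all ten image files added above (candles-red.jpg through mod_spkac-1.png) carry svn:mime-type = application/octet-stream. Setting image/jpeg on the JPEG and image/png on the PNGs would describe them accurately and let tools that honour the property treat them as images instead of opaque binaries.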
Added: rs-manual/trunk/src/site/site.xml
==============================================================================
--- rs-manual/trunk/src/site/site.xml (added)
+++ rs-manual/trunk/src/site/site.xml Sun Sep 1 12:16:07 2019
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+
+<project name="Maven" xmlns="http://maven.apache.org/DECORATION/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/DECORATION/1.0.0 http://maven.apache.org/xsd/decoration-1.0.0.xsd">
+ <bannerLeft>
+ <name>Redwax Server</name>
+ <src>/images/candles-red.jpg</src>
+ <href>http://redwax.eu/rs/</href>
+ <width>200</width>
+ <height>200</height>
+ </bannerLeft>
+<!--
+ <bannerRight>
+ <src>/images/candles-red.jpg</src>
+ </bannerRight>
+-->
+ <body>
+
+ <breadcrumbs>
+ <item name="Redwax" href="https://redwax.eu/"/>
+ <item name="Redwax Server" href="https://redwax.eu/rs/"/>
+ <item name="Documentation" href="index.html"/>
+ </breadcrumbs>
+
+ <menu name="RS">
+ <item name="About" href="https://redwax.eu/rs/#about"/>
+ <item name="Downloads" href="https://redwax.eu/rs/#downloads"/>
+ <item name="Getting Involved" href="https://redwax.eu/rs/#getting-involved"/>
+ </menu>
+
+ <menu name="Documentation">
+ <item name="Reference" href="index.html"/>
+ <item name="Modules" href="modules.html"/>
+ <item name="Directives" href="directives.html"/>
+ <item name="User Guide" href="userguide.html"/>
+ <item name="FAQ" href="faq.html"/>
+ <item name="Glossary" href="glossary.html"/>
+ <item name="mod_ca Module" href="mod_ca.html"/>
+ <item name="mod_crl Module" href="mod_crl.html"/>
+ <item name="mod_csr Module" href="mod_csr.html"/>
+ <item name="mod_ocsp Module" href="mod_ocsp.html"/>
+ <item name="mod_pkcs12 Module" href="mod_pkcs12.html"/>
+ <item name="mod_scep Module" href="mod_scep.html"/>
+ <item name="mod_spkac Module" href="mod_spkac.html"/>
+ </menu>
+
+ <links>
+ <item name="Home - Redwax Project" href="https://redwax.eu/" />
+ <item name="Jira - Redwax Project" href="https://jira.redwax.eu/"/>
+ <item name="Source - Redwax Project" href="https://source.redwax.eu/"/>
+ <item name="CI - Redwax Project" href="https://ci.redwax.eu/"/>
+ </links>
+
+ </body>
+
+ <skin>
+ <groupId>eu.redwax.maven.skin</groupId>
+ <artifactId>maven-redwax-skin</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </skin>
+
+ <custom>
+ <redwaxSkin>
+ <bannerStyle>spotlight style2 orient-right content-align-right image-position-left</bannerStyle>
+ <topBarStyle>invert</topBarStyle>
+ <topBarIcon>
+ <name>Redwax</name>
+ <alt>Redwax</alt>
+ <src>/images/menu-lines.png</src>
+ <href>/index.html</href>
+ </topBarIcon>
+
+ <icons>
+ <quora>https://quora.com/redwax</quora>
+ <twitter>https://twitter.com/redwaxproject</twitter>
+ </icons>
+ </redwaxSkin>
+ </custom>
+
+</project>
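Review bot: the <skin> block pulls maven-redwax-skin at <version>1.0-SNAPSHOT</version>, so each site build picks up whatever snapshot is current and the output is not reproducible; pin a released version once one is available. Two smaller points: bannerLeft uses <href>http://redwax.eu/rs/</href> while the breadcrumbs and menus use https://redwax.eu/, and the root element is still name="Maven" although the banner names Redwax Server.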
Added: rs-manual/trunk/src/site/site_fr.xml
==============================================================================
--- rs-manual/trunk/src/site/site_fr.xml (added)
+++ rs-manual/trunk/src/site/site_fr.xml Sun Sep 1 12:16:07 2019
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+
+<project name="Maven" xmlns="http://maven.apache.org/DECORATION/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/DECORATION/1.0.0 http://maven.apache.org/xsd/decoration-1.0.0.xsd">
+ <bannerLeft>
+ <name>Maven</name>
+ <src>http://maven.apache.org/images/apache-maven-project.png</src>
+ <href>http://maven.apache.org/</href>
+ </bannerLeft>
+ <bannerRight>
+ <src>http://maven.apache.org/images/maven-small.gif</src>
+ </bannerRight>
+
+ <body>
+ <links>
+ <item name="Apache" href="http://www.apache.org/" />
+ <item name="Maven 1.0" href="http://maven.apache.org/"/>
+ <item name="Maven 2" href="http://maven.apache.org/maven2/"/>
+ </links>
+
+ <menu name="Maven 2.0">
+ <item name="Format APT" href="format.html"/>
+ <item name="FAQ" href="faq.html"/>
+ <item name="Exemple Xdoc" href="xdoc.html"/>
+ </menu>
+ </body>
+</project>
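Review bot: this French descriptor carries Maven branding only: bannerLeft and bannerRight load images from http://maven.apache.org/ over plain http, the links point at Apache and Maven, and there is no <skin>, breadcrumb or Redwax menu as in site.xml. A French build would therefore look nothing like the English one and would fetch its banner from a third-party host. Mirror site.xml here, or drop the fr locale until translated content exists.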
Added: rs-manual/trunk/src/site/xdoc/xdoc.xml
==============================================================================
--- rs-manual/trunk/src/site/xdoc/xdoc.xml (added)
+++ rs-manual/trunk/src/site/xdoc/xdoc.xml Sun Sep 1 12:16:07 2019
@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+<document xmlns="http://maven.apache.org/XDOC/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 http://maven.apache.org/xsd/xdoc-2.0.xsd">
+ <properties>
+ <title>Welcome</title>
+ <author email="dev at maven.apache.org">The Maven Team</author>
+ </properties>
+
+ <body>
+ <section name="Welcome to an XDOC file!">
+ <p>
+ This is some text for the xdoc file.
+ </p>
+ </section>
+ </body>
+</document>
+
Added: rs-manual/trunk/src/site/xhtml5/mod_ca.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod_ca.xhtml5 (added)
+++ rs-manual/trunk/src/site/xhtml5/mod_ca.xhtml5 Sun Sep 1 12:16:07 2019
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
+ <head>
+ <title>Virtual Library</title>
+ </head>
+ <body>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h2>My Header</h2>
+ </header>
+ <div class="content">
+ <p>Moved to <a href="http://example.org/">example.org</a>.</p>
+
+<table>
+<tbody>
+<tr>
+ <td>Description</td>
+ <td>Foo</td>
+</tr>
+<tr>
+ <td>Syntax</td>
+ <td>Foo</td>
+</tr>
+<tr>
+ <td>Default</td>
+ <td>Foo</td>
+</tr>
+<tr>
+ <td>Context</td>
+ <td>Foo</td>
+</tr>
+<tr>
+ <td>Status</td>
+ <td>Foo</td>
+</tr>
+<tr>
+ <td>Module</td>
+ <td>Foo</td>
+</tr>
+<tr>
+ <td>Compatibility</td>
+ <td>Foo</td>
+</tr>
+</tbody>
+</table>
+
+ </div>
+ </section>
+
+ </div>
+ </body>
+</html>
+
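Review bot: this page is still a template (title "Virtual Library", "My Header", "Moved to example.org", a table whose cells are all "Foo"), yet site.xml lists it as "mod_ca Module" and mod_crl.xhtml5 links to mod_ca.html#frontend, mod_ca.html#backend and mod_ca.html#ca_getcrl. None of those ids exist here, so every one of those links lands on a page without the target section. Add sections with matching ids, or hold the links back until the page has content.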
Added: rs-manual/trunk/src/site/xhtml5/mod_crl.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod_crl.xhtml5 (added)
+++ rs-manual/trunk/src/site/xhtml5/mod_crl.xhtml5 Sun Sep 1 12:16:07 2019
@@ -0,0 +1,313 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
+ <head>
+ <title>mod_crl Module</title>
+ </head>
+ <body>
+ <div class="index align-left">
+
+ <section class="wrapper style1 align-center"
+ id="introduction">
+ <div class="inner">
+ <h2>Certificate Revocation List Module</h2>
+ <p>Generate and return a certificate revocation list as a response.</p>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>What does it do?</h3>
+ </header>
+ <div class="content">
+
+ <p>
+ Based on configuration of the backend modules, the certificate chain
+ is returned as a DER or PEM encoded certificate revocation list as
+ per <a href="https://tools.ietf.org/html/rfc5280">RFC5280</a>.
+ </p>
+
+<!-- support the Accept header -->
+
+ </div>
+ </section>
+
+
+ </div>
+ </div>
+ </section>
+
+
+
+ <section class="wrapper style1 align-center" id="integration">
+ <div class="inner">
+ <h2>Module Integration</h2>
+ <p>
+ The
+ <code>mod_crl</code>
+ module is a
+ <a href="mod_ca.html#frontend">frontend module</a>
+ and will not do anything useful until
+ <code>mod_crl</code>
+ has been combined with one or
+ more
+ <a href="mod_ca.html#backend">backend modules</a>
+ listed below. The
+ <code>mod_crl</code>
+ module uses the following hook to get the certificate revocation list, and suitable
+ <a href="mod_ca.html#backend">backend modules</a>
+ must be configured to implement each hook as needed.
+ </p>
+
+ <p>
+ All <a href="mod_ca.html#frontend">frontend modules</a> run within
+ a standard Apache httpd request, and standard httpd functionality
+ applies in all cases.
+ </p>
+
+ <div>
+ <img src="images/mod_crl.png" style="width: 100%;" />
+ </div>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_getcrl">Certificate Revocation List Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This hook returns the certificate revocation list for the configured
+ certificate authority.
+ </p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_crl.html#ca_getcrl">mod_ca_crl</a>
+ </td>
+ <td>Read the certificate sign request from disk.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Examples</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>Basic Example</h3>
+ </header>
+ <div class="content">
+ <p>The simplest case: return the certificate revocation list to anybody who wants one.</p>
+<pre><code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_crl.c>
+ # return this crl
+ CACRLCertificateRevocationList /etc/pki/tls/ca-crl.pem
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_crl.c>
+ <Location /crl>
+ SetHandler crl
+ </Location>
+</IfModule>
+]]></code></pre>
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Directive Reference</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>CrlFreshness Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>The max-age of the certificate revocation list will be divided by this
+ factor.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CrlFreshness factor [max-seconds]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>CrlFreshness 2 86400</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_crl</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_crl 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>The age of the certificate revocation list will be divided by this
+ factor when added as a max-age, set
+ to zero to disable. Defaults to "2". An optional maximum value
+ can be specified, defaults
+ to one day.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CrlLocation Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set the URL location of the WADL returned by the OPTIONS
+ method.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CrlLocation url</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>CrlLocation [current-URL]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_crl</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_crl 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set the URL location of the WADL returned by the OPTIONS
+ method.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CrlEncoding Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the default encoding to be returned if not specified.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CrlEncoding encoding</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>CrlEncoding der</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_crl</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_crl 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set the default encoding to be returned if not specified. Must be
+ one of "pem", "x-pem" or "der".
+ </p>
+
+ </div>
+ </section>
+
+
+ </div>
+ </div>
+ </section>
+
+ </div>
+ </body>
+</html>
+
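Review bot: In the CrlEncoding section the Description cell reads "Set to the default encoding to be returned if not specified.", which does not parse and disagrees with the paragraph below it ("Set the default encoding ..."); drop the stray "to" in the cell. The same paragraph lists "pem", "x-pem" or "der" as the allowed values without saying how "pem" and "x-pem" differ in the response, so one sentence on that would save readers from guessing. The CrlLocation paragraph only repeats its Description cell word for word; either expand it or remove the duplicate.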
Added: rs-manual/trunk/src/site/xhtml5/mod_csr.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod_csr.xhtml5 (added)
+++ rs-manual/trunk/src/site/xhtml5/mod_csr.xhtml5 Sun Sep 1 12:16:07 2019
@@ -0,0 +1,803 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
+ <head>
+ <title>mod_csr Module</title>
+ </head>
+ <body>
+ <div class="index align-left">
+
+ <section class="wrapper style1 align-center"
+ id="introduction">
+ <div class="inner">
+ <h2>Certificate Sign Request Module</h2>
+ <p>Generate and issue certificates in response to an X509
+ certificate request.</p>
+
+ <div class="index align-left">
+
+
+
+ <section>
+ <header>
+ <h3>What does it do?</h3>
+ </header>
+ <div class="content">
+ <p>
+ This module accepts a
+ <code>application/x-www-form-urlencoded</code>
+ form submission request
+ containing a PEM encoded PKCS10 X509 certificate request among further
+ optional
+ parameters.
+ </p>
+
+ <p>Based on configuration, parameters can be passed from the
+ incoming certificate sign request,
+ optional form parameters, or explicit expressions, and a new
+ certificate sign request with
+ acceptable parameters is passed to suitably configured backend modules
+ for request authorisation,
+ certificate signing and issuing, and certificate storage.</p>
+
+ <p>
+ The resulting certificate chain is returned by default as a DER
+ encoded PKCS7
+ certificate. If the
+ <code>Accept</code>
+ header is given in the request and set
+ to
+ <code>application/pkcs7-mime</code>
+ , the certificate chain is returned as a PEM encoded
+ PKCS7 certificate instead.
+ </p>
+
+ <p>
+ This module can be configured to respond to
+ <a
+ href="https://blogs.msdn.microsoft.com/ieinternals/2010/05/14/certificate-enrollment-from-the-browser/">
+ CertEnroll requests</a>
+ as supported by Microsoft Internet Explorer.
+ </p>
+ </div>
+ </section>
+
+
+ </div>
+ </div>
+ </section>
+
+
+
+ <section class="wrapper style1 align-center" id="integration">
+ <div class="inner">
+ <h2>Module Integration</h2>
+ <p>
+ The
+ <code>mod_csr</code>
+ module is a
+ <a href="mod_ca.html#frontend">frontend module</a>
+ and will not do anything useful until
+ <code>mod_csr</code>
+ has been combined with one or
+ more
+ <a href="mod_ca.html#backend">backend modules</a>
+ listed below. The
+ <code>mod_csr</code>
+ module uses the following hooks to authorise, sign/issue and
+ store a
+ certificate, and suitable
+ <a href="mod_ca.html#backend">backend modules</a>
+ must be configured to implement each hook as needed.
+ </p>
+
+ <p>
+ All <a href="mod_ca.html#frontend">frontend modules</a> run within
+ a standard Apache httpd request, and standard httpd functionality
+ applies in all cases.
+ </p>
+
+ <div>
+ <img src="images/mod_csr.png" style="width: 100%;" />
+ </div>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_reqauthz">Request Authorization Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This optional hook allows you to verify the parameters
+ included with the certificate sign request, such as the
+ challenge password. If left unconfigured, all certificate
+ requests will be accepted.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_ldap.html#ca_reqauthz">mod_ca_ldap</a>
+ </td>
+ <td>Allows the certificate sign request to be verified
+ against an LDAP directory.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_sign">Sign Request Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This hooks signs the certificate sign request and returns the
+ issued certificate. The hook is mandatory, and the request will
+ be rejected if left unconfigured.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_disk.html#ca_sign">mod_ca_disk</a>
+ </td>
+ <td>Allows certificate sign requests to be saved to disk for
+ later out of band processing. The response will redirect the
+ caller to where the certificate can be collected.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_engine.html#ca_sign">mod_ca_engine</a>
+ </td>
+ <td>Allows certificate sign requests to be signed by an HSM
+ such as a smartcard.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#ca_sign">mod_ca_simple</a>
+ </td>
+ <td>Allows certificate sign requests to be signed by a
+ certificate and key specified on disk.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_certstore">Certificate Storage Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This optional hook allows the newly generated certificate to
+ be stored locally or in a database or directory. If left
+ unconfigured, no local copy of the certificate will be stored.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_ldap.html#ca_certstore">mod_ca_ldap</a>
+ </td>
+ <td>Saves the newly issued PKCS7 certificate and chain to an
+ LDAP directory.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Examples</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>Basic Example</h3>
+ </header>
+ <div class="content">
+ <p>The simplest case: issue a certificate to anybody who wants one.</p>
+<pre><code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+ # sign with this certificate...
+ CASimpleCertificate /etc/pki/tls/ca-cert.pem
+ # ...and private key
+ CASimpleKey /etc/pki/tls/ca-key.pem
+ # use system clock as the time source
+ CASimpleTime on
+ # assign a random serial number
+ CASimpleSerialRandom on
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_csr.c>
+ <Location /csr>
+ SetHandler csr
+ # use subject from the certificate sign request unmodified
+ CsrSubjectRequest *
+ </Location>
+</IfModule>
+]]></code></pre>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Logged In Example</h3>
+ </header>
+ <div class="content">
+ <p>A more typical scenario: issue a certificate to a logged in user.</p>
+ <p>In this example it is assumed that Apache configuration exists that
+ authenticates a user against a database, directory, a token, or a previous
+ certificate.
+ </p>
+<pre><code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+ # sign with this certificate...
+ CASimpleCertificate /etc/pki/tls/ca-cert.pem
+ # ...and private key
+ CASimpleKey /etc/pki/tls/ca-key.pem
+ # use system clock as the time source
+ CASimpleTime on
+ # assign a random serial number
+ CASimpleSerialRandom on
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_csr.c>
+ <Location /csr>
+ SetHandler csr
+ # standard Apache authorisation
+ Require valid-user
+ # set the common name to the logged in username
+ CsrSubjectSet CN %{REMOTE_USER}
+ # set a fixed OU field in the subject
+ CsrSubjectSet OU "Terms and Conditions Apply"
+ </Location>
+</IfModule>
+]]></code></pre>
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Directive Reference</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>CsrFreshness Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>The max-age of the certificates will be divided by this
+ factor.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CsrFreshness factor [max-seconds]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>CsrFreshness 2 86400</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_csr</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_csr 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>The age of the certificates will be divided by this factor
+ when added as a max-age, set
+ to zero to disable. Defaults to "2". An optional maximum value
+ can be specified, defaults
+ to one day.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CsrLocation Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set the URL location of the WADL returned by the OPTIONS
+ method.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CsrLocation url</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>CsrLocation [current-URL]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_csr</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_csr 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set the URL location of the WADL returned by the OPTIONS
+ method.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CsrParamPkcs10 Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set the name of the form parameter containing the PEM
+ encoded PKCS10 certificate sign request.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CsrParamPkcs10 param</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>CsrParamPkcs10 pkcs10</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_csr</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_csr 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set the name of the form parameter containing the PEM encoded
+ PKCS10 certificate sign request.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CsrParamChallenge Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set the name of the form parameter containing the
+ challenge.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CsrParamChallenge param</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>CsrParamChallenge challenge</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_csr</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_csr 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set the name of the form parameter containing the challenge,
+ if not present in the certificate sign request.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CsrSize Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the maximum size of the form submitted by the
+ client.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CsrSize bytes</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>CsrSize 131072</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_csr</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_csr 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the maximum size of the form request from the client.
+ This value cannot be smaller than 4096 bytes.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CsrSubjectAltNameRequest Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify fields in the certificate request subject
+ alternative name that will be copied over to the
+ certificate.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CsrSubjectAltNameRequest field [number]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>None</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_csr</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_csr 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify fields in the certificate request subject alternative name that will
+ be copied over to the certificate, with optional limit to the
+ number of fields that may appear.</p>
+
+ <p>If a wildcard is used, all fields in the certificate request
+ subject alternative name will be copied across unmodified.
+ </p>
+
+ <p>Field names are limited to <code>otherName</code>, <code>rfc822Name</code>,
+ <code>dNSName</code>, <code>x400Address</code>, <code>directoryName</code>,
+ <code>ediPartyName</code>, <code>uniformResourceIdentifier</code>,
+ <code>iPAddress</code>, or <code>registeredID</code> and are described in
+ the <a href="subjects.html"> Subjects and Subject Alternative Names</a> section.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CsrSubjectAltNameSet Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify an expression that will be included in the
+ certificate subject alternative name.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CsrSubjectAltNameSet field value</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>None</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_csr</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_csr 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify an expression that will be included in the
+ certificate subject alternative name.</p>
+
+ <p>Field names are limited to <code>otherName</code>, <code>rfc822Name</code>,
+ <code>dNSName</code>, <code>x400Address</code>, <code>directoryName</code>,
+ <code>ediPartyName</code>, <code>uniformResourceIdentifier</code>,
+ <code>iPAddress</code>, or <code>registeredID</code> and are described in
+ the <a href="subjects.html"> Subjects and Subject Alternative Names</a> section.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CsrSubjectRequest Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify fields in the certificate request subject that
+ will be copied over to the certificate.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CsrSubjectRequest field [number]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>CsrSubjectRequest field 1</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_csr</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_csr 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify fields in the certificate request subject that will
+ be copied over to the certificate, with optional limit to the
+ number of fields that may appear.</p>
+
+ <p>If a wildcard is used, all fields in the certificate request
+ subject alternative name will be copied across unmodified.
+ </p>
+
+ <p>Subject handling is covered in detail in the <a href="subjects.html">
+ Subjects and Subject Alternative Names</a> section.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CsrSubjectSet Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify an expression that will be included in the
+ certificate subject.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CsrSubjectSet field value</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>None</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_csr</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_csr 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify an expression that will be included in the
+ certificate subject. Subject attribute name is configured first, then
+ the expression.</p>
+
+ <p>Subject handling is covered in detail in the <a href="subjects.html">
+ Subjects and Subject Alternative Names</a> section.
+ </p>
+
+ </div>
+ </section>
+
+
+ </div>
+ </div>
+ </section>
+
+ </div>
+ </body>
+</html>
+
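Review bot: The CsrSubjectRequest section's wildcard paragraph says "all fields in the certificate request subject alternative name will be copied across unmodified", which looks copied from CsrSubjectAltNameRequest; for this directive it should read "certificate request subject". In the same section the Default cell shows `CsrSubjectRequest field 1`, which does not say whether any subject field is copied when the directive is absent. That matters for the Logged In Example, which only uses CsrSubjectSet for CN and OU: please state explicitly that subject fields supplied in the request are dropped unless CsrSubjectRequest names them, if that is the behaviour. Two smaller points: the Examples section and the Directive Reference section both carry id="directive-reference", so the id is not unique in the document and the Examples section needs its own; and "This hooks signs" under Sign Request Hook should be "This hook signs".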
Added: rs-manual/trunk/src/site/xhtml5/mod_ocsp.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod_ocsp.xhtml5 (added)
+++ rs-manual/trunk/src/site/xhtml5/mod_ocsp.xhtml5 Sun Sep 1 12:16:07 2019
@@ -0,0 +1,874 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
+ <head>
+ <title>mod_ocsp Module</title>
+ </head>
+ <body>
+ <div class="index align-left">
+
+ <section class="wrapper style1 align-center"
+ id="introduction">
+ <div class="inner">
+ <h2>Online Certificate Status Protocol Module</h2>
+ <p>Respond with the revocation status of a certificate.</p>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>What does it do?</h3>
+ </header>
+ <div class="content">
+
+ <p>
+ Based on configuration of the backend modules, an Online Certificate
+ Status Protocol response is returned for the given certificate as
+ per <a href="https://tools.ietf.org/html/rfc6960">RFC6960</a>.
+ </p>
+
+<!-- support the Accept header -->
+
+ </div>
+ </section>
+
+
+ </div>
+ </div>
+ </section>
+
+
+
+ <section class="wrapper style1 align-center" id="integration">
+ <div class="inner">
+ <h2>Module Integration</h2>
+ <p>
+ The
+ <code>mod_ocsp</code>
+ module is a
+ <a href="mod_ca.html#frontend">frontend module</a>
+ and will not do anything useful until
+ <code>mod_ocsp</code>
+ has been combined with one or
+ more
+ <a href="mod_ca.html#backend">backend modules</a>
+ listed below. The
+ <code>mod_ocsp</code>
+ module uses the following hook to check the certificate status against
+ the certificate revocation list, and suitable
+ <a href="mod_ca.html#backend">backend modules</a>
+ must be configured to implement each hook as needed.
+ </p>
+
+ <p>
+ All <a href="mod_ca.html#frontend">frontend modules</a> run within
+ a standard Apache httpd request, and standard httpd functionality
+ applies in all cases.
+ </p>
+
+ <div>
+ <img src="images/mod_ocsp-1.png" style="width: 100%;" />
+ </div>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_getca">Get CA Certificate Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This hook returns CA certificates for the given CA.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_engine.html#ca_getca">mod_ca_engine</a>
+ </td>
+ <td>Returns CA certificates that would sign certificate sign requests by an HSM
+ such as a smartcard.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#ca_getca">mod_ca_simple</a>
+ </td>
+ <td>Returns CA certificates that would sign certificate sign requests by a
+ certificate and key specified on disk.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_getcertstatus">Certificate Status Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This hook returns the certificate status for the given certificate.
+ </p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_crl.html#ca_getcertstatus">mod_ca_crl</a>
+ </td>
+ <td>Check the certificate status against the certificate sign request from disk.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Examples</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>Basic Example</h3>
+ </header>
+ <div class="content">
+ <p>The simplest case: return the certificate revocation list to anybody who wants one.</p>
+<pre><code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_crl.c>
+ # return this crl
+ CACRLCertificateRevocationList /etc/pki/tls/ca-crl.pem
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_ocsp.c>
+ <Location /ocsp>
+ SetHandler ocsp
+ OcspSigningCertificate /etc/pki/tls/ocsp.cert
+ OcspSigningKey /etc/pki/tls/ocsp.key
+ </Location>
+</IfModule>
+]]></code></pre>
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Directive Reference</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>OcspSigningCertificate Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the name of the signing certificate.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>OcspSigningCertificate filename</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ocsp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ocsp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the name of the signing certificate.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>OcspSigningKey Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the name of the signing key.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>OcspSigningKey filename</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ocsp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ocsp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the name of the signing key.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>OcspOtherCertificates Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the name of a file containing other certificates to add to the response.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>OcspOtherCertificates filename</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ocsp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ocsp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the name of a file containing other certificates to add to the response.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>OcspSize Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the maximum size of the OCSP request from the
+ client.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>OcspSize bytes</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>OcspSize 131072</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_scep</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ocsp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the maximum size of the OCSP request from the client.
+ This value cannot be smaller than 4096 bytes.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>OcspLocation Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set the URL location of the WADL returned by the OPTIONS
+ method.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>OcspLocation url</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>OcspLocation [current-URL]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ocsp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ocsp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set the URL location of the WADL returned by the OPTIONS
+ method.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>OcspNextUpdate Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the number of seconds until the next update.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>OcspNextUpdate seconds</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>OcspNextUpdate 0</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ocsp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ocsp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the number of seconds until the next update. Defaults
+ to zero (to disable).</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>OcspNoCertificates Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to 'on' to suppress the sending of certificates in the response.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>OcspNoCertificates flag</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>OcspNoCertificates off</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ocsp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ocsp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to 'on' to suppress the sending of certificates in the
+ response. Defaults to 'off'.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>OcspIdentifyByKeyID Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to 'on' to identify the signer certificate by key ID.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>OcspIdentifyByKeyID flag</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>OcspIdentifyByKeyID off</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ocsp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ocsp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to 'on' to identify the signer certificate by key ID. Defaults
+ to 'off' for subject name.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>OcspOverrideReason Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Mark all certificates as revoked, giving this reason.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>OcspOverrideReason string</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ocsp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ocsp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Mark all certificates as revoked, giving this reason.
+ </p>
+
+ <p>Reasons must be one of:
+ </p>
+
+ <ul>
+ <li>unspecified</li>
+ <li>keyCompromise</li>
+ <li>CACompromise</li>
+ <li>affiliationChanged</li>
+ <li>superseded</li>
+ <li>cessationOfOperation</li>
+ <li>certificateHold</li>
+ <li>removeFromCRL</li>
+ </ul>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>OcspOverrideRevocationTime Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>If all certificates are revoked, add this revocation time.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>OcspOverrideRevocationTime YYYYMMDDHHMMSSZ</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>None</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ocsp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ocsp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>If all certificates are revoked, add this revocation time, formatted
+ as per http://tools.ietf.org/html/rfc2459#section-4.1.2.5.2
+ (YYYYMMDDHHMMSSZ)</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>OcspOverrideInvalidityDate Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>If all certificates are revoked, add this invalidity date.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>OcspOverrideInvalidityDate YYYYMMDDHHMMSSZ</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>None</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ocsp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ocsp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>If all certificates are revoked, add this invalidity date, formatted
+ as per http://tools.ietf.org/html/rfc2459#section-4.1.2.5.2
+ (YYYYMMDDHHMMSSZ)
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>OcspOverrideHoldInstruction Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>If all certificates are revoked, add this hold instruction.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>OcspOverrideHoldInstruction string</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ocsp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ocsp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>If all certificates are revoked, add this hold instruction, formatted
+ as an OID.
+ </p>
+
+ <p>Instructions must be one of:
+ </p>
+
+ <ul>
+ <li>holdInstructionCallIssuer</li>
+ <li>holdInstructionReject</li>
+ </ul>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>OcspFreshness Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>The max-age of the certificate revocation list will be divided by this
+ factor.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>OcspFreshness factor [max-seconds]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>OcspFreshness 2 86400</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ocsp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ocsp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>The age of the certificate revocation list will be divided by this
+ factor when added as a max-age, set
+ to zero to disable. Defaults to "2". An optional maximum value
+ can be specified, defaults
+ to one day.</p>
+
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+ </div>
+ </body>
+</html>
+
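Review bot: In the OcspOverrideHoldInstruction section the paragraph says the value is "formatted as an OID", yet the permitted values listed right after it are the symbolic names holdInstructionCallIssuer and holdInstructionReject. State which form the directive accepts, or that both are accepted. The Default cell there reads `none` while OcspOverrideRevocationTime and OcspOverrideInvalidityDate use `None`; pick one spelling. Those two directives cite RFC 2459 section 4.1.2.5.2 as a bare URL in running text. RFC 2459 has been obsoleted (currently by RFC 5280), so reference the current RFC and mark it up as a link like the other references in the file. In OcspFreshness the Description cell says the "max-age" of the certificate revocation list is divided by the factor while the paragraph says the "age" is divided. Use one wording, and say explicitly that max-seconds is a value in seconds.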
Added: rs-manual/trunk/src/site/xhtml5/mod_pkcs12.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod_pkcs12.xhtml5 (added)
+++ rs-manual/trunk/src/site/xhtml5/mod_pkcs12.xhtml5 Sun Sep 1 12:16:07 2019
@@ -0,0 +1,1003 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
+ <head>
+ <title>mod_pkcs12 Module</title>
+ </head>
+ <body>
+ <div class="index align-left">
+
+ <section class="wrapper style1 align-center"
+ id="introduction">
+ <div class="inner">
+ <h2>PKCS12 Module</h2>
+ <p>Generate public/private key pairs and and issue certificates in response
+ to a <code>application/x-www-form-urlencoded</code> form request.</p>
+
+ <div class="index align-left">
+
+
+
+ <section>
+ <header>
+ <h3>What does it do?</h3>
+ </header>
+ <div class="content">
+ <p>
+ This module accepts a
+ <code>application/x-www-form-urlencoded</code>
+ form submission request
+ containing optional parameters.
+ </p>
+
+ <p>Based on configuration, optional form parameters can be passed from the
+ incoming request, or explicit expressions, and a new
+ certificate sign request with
+ acceptable parameters is passed to suitably configured backend modules
+ for request authorisation,
+ certificate signing and issuing, and certificate storage.</p>
+
+ <p>
+ The resulting certificate chain and private key is returned as a DER
+ encoded PKCS12
+ certificate and key.
+ </p>
+
+ </div>
+ </section>
+
+
+ </div>
+ </div>
+ </section>
+
+
+
+ <section class="wrapper style1 align-center" id="integration">
+ <div class="inner">
+ <h2>Module Integration</h2>
+ <p>
+ The
+ <code>mod_pkcs12</code>
+ module is a
+ <a href="mod_ca.html#frontend">frontend module</a>
+ and will not do anything useful until
+ <code>mod_pkcs12</code>
+ has been combined with one or
+ more
+ <a href="mod_ca.html#backend">backend modules</a>
+ listed below. The
+ <code>mod_pkcs12</code>
+ module uses the following hooks to authorise, sign/issue and
+ store a
+ certificate, and suitable
+ <a href="mod_ca.html#backend">backend modules</a>
+ must be configured to implement each hook as needed.
+ </p>
+
+ <p>
+ All <a href="mod_ca.html#frontend">frontend modules</a> run within
+ a standard Apache httpd request, and standard httpd functionality
+ applies in all cases.
+ </p>
+
+ <div>
+ <img src="images/mod_pkcs12.png" style="width: 100%;" />
+ </div>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_reqauthz">Request Authorization Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This optional hook allows you to verify the parameters
+ included with the certificate sign request, such as the
+ challenge password. If left unconfigured, all certificate
+ requests will be accepted.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_ldap.html#ca_reqauthz">mod_ca_ldap</a>
+ </td>
+ <td>Allows the certificate sign request to be verified
+ against an LDAP directory.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_makekey">Make Key Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This hook generates a public/private key pair. The hook is
+ mandatory, and the request will be rejected if left unconfigured.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#ca_makekey">mod_ca_simple</a>
+ </td>
+ <td>Generates a public/private key.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_sign">Sign Request Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This hooks signs the certificate sign request and returns the
+ issued certificate. The hook is mandatory, and the request will
+ be rejected if left unconfigured.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_disk.html#ca_sign">mod_ca_disk</a>
+ </td>
+ <td>Allows certificate sign requests to be saved to disk for
+ later out of band processing. The response will redirect the
+ caller to where the certificate can be collected.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_engine.html#ca_sign">mod_ca_engine</a>
+ </td>
+ <td>Allows certificate sign requests to be signed by an HSM
+ such as a smartcard.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#ca_sign">mod_ca_simple</a>
+ </td>
+ <td>Allows certificate sign requests to be signed by a
+ certificate and key specified on disk.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_certstore">Certificate Storage Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This optional hook allows the newly generated certificate to
+ be stored locally or in a database or directory. If left
+ unconfigured, no local copy of the certificate will be stored.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_ldap.html#ca_certstore">mod_ca_ldap</a>
+ </td>
+ <td>Saves the newly issued PKCS7 certificate and chain to an
+ LDAP directory.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Examples</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>Basic Example</h3>
+ </header>
+ <div class="content">
+ <p>The simplest case: issue a certificate to anybody who wants one.</p>
+<pre><code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+ # sign with this certificate...
+ CASimpleCertificate /etc/pki/tls/ca-cert.pem
+ # ...and private key
+ CASimpleKey /etc/pki/tls/ca-key.pem
+ # use system clock as the time source
+ CASimpleTime on
+ # assign a random serial number
+ CASimpleSerialRandom on
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_pkcs12.c>
+ <Location /pkcs12>
+ SetHandler pkcs12
+ # use subject from the certificate sign request unmodified
+ Pkcs12SubjectRequest *
+ </Location>
+</IfModule>
+]]></code></pre>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Logged In Example</h3>
+ </header>
+ <div class="content">
+ <p>A more typical scenario: issue a certificate to a logged in user.</p>
+ <p>In this example it is assumed that Apache configuration exists that
+ authenticates a user against a database, directory, a token, or a previous
+ certificate.
+ </p>
+<pre><code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+ # sign with this certificate...
+ CASimpleCertificate /etc/pki/tls/ca-cert.pem
+ # ...and private key
+ CASimpleKey /etc/pki/tls/ca-key.pem
+ # use system clock as the time source
+ CASimpleTime on
+ # assign a random serial number
+ CASimpleSerialRandom on
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_pkcs12.c>
+ <Location /pkcs12>
+ SetHandler pkcs12
+ # standard Apache authorisation
+ Require valid-user
+ # set the common name to the logged in username
+ Pkcs12SubjectSet CN %{REMOTE_USER}
+ # set a fixed OU field in the subject
+ Pkcs12SubjectSet OU "Terms and Conditions Apply"
+ </Location>
+</IfModule>
+]]></code></pre>
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Directive Reference</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>Pkcs12Size Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the maximum size of the form submitted by the
+ client.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>Pkcs12Size bytes</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>Pkcs12Size 131072</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_pkcs12</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_pkcs12 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the maximum size of the form request from the client.
+ This value cannot be smaller than 4096 bytes.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Pkcs12ParamChallenge Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set the name of the form parameter containing the
+ challenge.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>Pkcs12ParamChallenge param</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>Pkcs12ParamChallenge challenge</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_pkcs12</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_pkcs12 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set the name of the form parameter containing the challenge.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Pkcs12ParamNickname Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the name of the request variable from the client containing the certificate nickname..</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>Pkcs12ParamNickname param</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>Pkcs12ParamNickname challenge</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_pkcs12</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_pkcs12 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the name of the request variable from the client containing the certificate nickname. Overrides the Pkcs12Nickname directive.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Pkcs12Location Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set the URL location of the WADL returned by the OPTIONS
+ method.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>Pkcs12Location url</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>Pkcs12Location [current-URL]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_pkcs12</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_pkcs12 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set the URL location of the WADL returned by the OPTIONS
+ method.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Pkcs12SubjectAltNameRequest Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify parameters in the form that will be copied over to the
+ certificate.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>Pkcs12SubjectAltNameRequest field [number]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>None</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_pkcs12</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_pkcs12 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify parameters in the form that will
+ be copied over to the certificate, with optional limit to the
+ number of fields that may appear.</p>
+
+ <p>If a wildcard is used, all fields in the certificate request
+ subject alternative name will be copied across unmodified.
+ </p>
+
+ <p>Field names are limited to <code>otherName</code>, <code>rfc822Name</code>,
+ <code>dNSName</code>, <code>x400Address</code>, <code>directoryName</code>,
+ <code>ediPartyName</code>, <code>uniformResourceIdentifier</code>,
+ <code>iPAddress</code>, or <code>registeredID</code> and are described in
+ the <a href="subjects.html"> Subjects and Subject Alternative Names</a> section.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Pkcs12SubjectAltNameSet Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify an expression that will be included in the
+ certificate subject alternative name.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>Pkcs12SubjectAltNameSet field value</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>None</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_pkcs12</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_pkcs12 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify an expression that will be included in the
+ certificate subject alternative name.</p>
+
+ <p>Field names are limited to <code>otherName</code>, <code>rfc822Name</code>,
+ <code>dNSName</code>, <code>x400Address</code>, <code>directoryName</code>,
+ <code>ediPartyName</code>, <code>uniformResourceIdentifier</code>,
+ <code>iPAddress</code>, or <code>registeredID</code> and are described in
+ the <a href="subjects.html"> Subjects and Subject Alternative Names</a> section.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Pkcs12SubjectRequest Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify parameters in the request that
+ will be copied over to the subject in the certificate.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>Pkcs12SubjectRequest field [number]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>Pkcs12SubjectRequest field 1</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_pkcs12</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_pkcs12 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify parameters in the request that will
+ be copied over to the certificate's subject, with optional limit to the
+ number of fields that may appear.</p>
+
+ <p>If a wildcard is used, all fields in the certificate request
+ subject alternative name will be copied across unmodified.
+ </p>
+
+ <p>Subject handling is covered in detail in the <a href="subjects.html">
+ Subjects and Subject Alternative Names</a> section.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Pkcs12SubjectSet Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify an expression that will be included in the
+ certificate subject.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>PkcsSubjectSet field value</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>None</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_pkcs12</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_pkcs12 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify an expression that will be included in the
+ certificate subject. Subject attribute name is configured first, then
+ the expression.</p>
+
+ <p>Subject handling is covered in detail in the <a href="subjects.html">
+ Subjects and Subject Alternative Names</a> section.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Pkcs12Iterate Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the number of iterations.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>Pkcs12Iterate iterations</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>Pkcs12Iterate 2048</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_pkcs12</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_pkcs12 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the number of iterations. Defaults to 2048.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Pkcs12Digest Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the mac digest used on the PKCS12.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>Pkcs12Digest digest</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>Pkcs12Digest SHA256</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_pkcs12</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_pkcs12 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the mac digest used on the PKCS12. Defaults to SHA256.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Pkcs12CertificatePBE Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify the certificate PBE algorithm.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>Pkcs12CertificatePBE algorithm</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>Pkcs12CertificatePBE PBE-SHA1-3DES</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_pkcs12</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_pkcs12 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify the certificate PBE algorithm. Defaults to PBE-SHA1-3DES.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Pkcs12KeyPBE Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify the key PBE algorithm.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>Pkcs12KeyPBE algorithm</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>Pkcs12KeyPBE PBE-SHA1-3DES</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_pkcs12</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_pkcs12 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify the key PBE algorithm. Defaults to PBE-SHA1-3DES.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Pkcs12Nickname Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to an expression that resolves to the nickname of the certificate.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>Pkcs12Nickname name</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>Pkcs12Nickname certificate</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_pkcs12</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_pkcs12 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to an expression that resolves to the nickname of the certificate. Defaults to "certificate".</p>
+
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+ </div>
+ </body>
+</html>
+
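Review bot: The Syntax cell for Pkcs12SubjectSet reads `PkcsSubjectSet field value`, which matches neither the section heading nor the `Pkcs12SubjectSet CN %{REMOTE_USER}` line in the Logged In Example; it should read `Pkcs12SubjectSet field value`. The Default cell for Pkcs12ParamNickname shows `Pkcs12ParamNickname challenge`, identical to the Pkcs12ParamChallenge default. That looks like a copy-paste and, if taken literally, has both directives reading the same form parameter, so please confirm the real default. The wildcard paragraph under Pkcs12SubjectRequest speaks of the "subject alternative name" where the subject is meant. Both the Examples section and the Directive Reference section carry id="directive-reference", so the id is duplicated within one document. Documentation gap: the page never says what the challenge parameter is used for or what protects the private key inside the returned PKCS12. Since the Basic Example issues to anybody and the Request Authorization Hook accepts every request when left unconfigured, the example text should say it is meant for testing. Minor wording: "and and" in the introduction, "This hooks signs" in the Sign Request Hook, and the doubled full stop in the Pkcs12ParamNickname description.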
Added: rs-manual/trunk/src/site/xhtml5/mod_scep.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod_scep.xhtml5 (added)
+++ rs-manual/trunk/src/site/xhtml5/mod_scep.xhtml5 Sun Sep 1 12:16:07 2019
@@ -0,0 +1,1003 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
+ <head>
+ <title>mod_scep Module</title>
+ </head>
+ <body>
+ <div class="index align-left">
+
+ <section class="wrapper style1 align-center"
+ id="introduction">
+ <div class="inner">
+ <h2>Simple Certificate Enrollment Protocol Module</h2>
+ <p>Generate and issue certificates using the SCEP protocol.</p>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>What does it do?</h3>
+ </header>
+ <div class="content">
+ <p>
+ This module implements a <a href="https://tools.ietf.org/html/draft-gutmann-scep-14">
+ Simple Certificate Enrollment Protocol</a> endpoint that is capable of signing
+ and issuing certificates on behalf of a suitable client.
+ </p>
+
+ <p>Based on configuration, parameters can be passed from the
+ incoming certificate sign request embedded within the SCEP request, or explicit expressions, and a new
+ certificate sign request with
+ acceptable parameters is passed to suitably configured backend modules
+ for request authorisation,
+ certificate signing and issuing, and certificate storage.</p>
+
+ <p>
+ The following SCEP operations are supported:
+ </p>
+ <table>
+ <tbody>
+ <tr>
+ <td>GetCACaps</td><td>SCEP CA capabilities.</td>
+ </tr>
+ <tr>
+ <td>GetCACert</td><td>Return the CA certificate and RA certificate for this CA.</td>
+ </tr>
+ <tr>
+ <td>GetNextCACert</td><td>Return the next CA certificate that will be used for future signing.</td>
+ </tr>
+ <tr>
+ <td>PKIOperation PKCSReq</td><td>Request a certificate via a certificate sign request.</td>
+ </tr>
+ <tr>
+ <td>PKIOperation CertPoll (GetCertInitial)</td><td>Poll for a certificate that was previously requested.</td>
+ </tr>
+ <tr>
+ <td>PKIOperation GetCert</td><td>Request a copy of a previously issued certificate.</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>
+ This module can be configured to respond to SCEP client requests as implemented
+ by iOS and MacOS.
+ </p>
+ </div>
+ </section>
+
+
+ </div>
+ </div>
+ </section>
+
+
+
+ <section class="wrapper style1 align-center" id="integration">
+ <div class="inner">
+ <h2>Module Integration</h2>
+ <p>
+ The
+ <code>mod_scep</code>
+ module is a
+ <a href="mod_ca.html#frontend">frontend module</a>
+ and will not do anything useful until
+ <code>mod_scep</code>
+ has been combined with one or
+ more
+ <a href="mod_ca.html#backend">backend modules</a>
+ listed below. The
+ <code>mod_scep</code>
+ module uses the following hooks to authorise, sign/issue and
+ store a
+ certificate, and suitable
+ <a href="mod_ca.html#backend">backend modules</a>
+ must be configured to implement each hook as needed.
+ </p>
+
+ <p>
+ All
+ <a href="mod_ca.html#frontend">frontend modules</a>
+ run within
+ a standard Apache httpd request, and standard httpd functionality
+ applies in all cases.
+ </p>
+
+ <div>
+ <img src="images/mod_scep-1.png" style="width: 100%;" />
+ </div>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_reqauthz">Request Authorization Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This optional hook allows you to verify the parameters
+ included with the certificate sign request, such as the
+ challenge password. If left unconfigured, all certificate
+ requests will be accepted.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_ldap.html#ca_reqauthz">mod_ca_ldap</a>
+ </td>
+ <td>Allows the certificate sign request to be verified
+ against an LDAP directory.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_sign">Sign Request Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This hooks signs the certificate sign request and returns the
+ issued certificate. The hook is mandatory, and the request will
+ be rejected if left unconfigured.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_disk.html#ca_sign">mod_ca_disk</a>
+ </td>
+ <td>Allows certificate sign requests to be saved to disk for
+ later out of band processing. The response will redirect the
+ caller to where the certificate can be collected.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_engine.html#ca_sign">mod_ca_engine</a>
+ </td>
+ <td>Allows certificate sign requests to be signed by an HSM
+ such as a smartcard.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#ca_sign">mod_ca_simple</a>
+ </td>
+ <td>Allows certificate sign requests to be signed by a
+ certificate and key specified on disk.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_certstore">Certificate Storage Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This optional hook allows the newly generated certificate to
+ be stored locally or in a database or directory. If left
+ unconfigured, no local copy of the certificate will be stored.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_ldap.html#ca_certstore">mod_ca_ldap</a>
+ </td>
+ <td>Saves the newly issued PKCS7 certificate and chain to an
+ LDAP directory.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+
+ </div>
+
+ <div>
+ <img src="images/mod_scep-2.png" style="width: 100%;" />
+ </div>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_getcert">Get Certificate Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This hook returns certificates that were requested previously and
+ generated at a possibly later date or time.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_disk.html#ca_reqauthz">mod_ca_disk</a>
+ </td>
+ <td>Returns a certificate from a location on disk.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ </div>
+
+ <div>
+ <img src="images/mod_scep-3.png" style="width: 100%;" />
+ </div>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_getca">Get CA Certificate Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This hook returns CA certificates for the given CA.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_engine.html#ca_getca">mod_ca_engine</a>
+ </td>
+ <td>Returns CA certificates that would sign certificate sign requests by an HSM
+ such as a smartcard.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#ca_getca">mod_ca_simple</a>
+ </td>
+ <td>Returns CA certificates that would sign certificate sign requests by a
+ certificate and key specified on disk.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_getnextca">Get Next CA Certificate Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This hook returns certificates that were requested previously and
+ generated at a possibly later date or time.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_engine.html#ca_getca">mod_ca_engine</a>
+ </td>
+ <td>Returns the upcoming next CA certificates that would sign
+ certificate sign requests by an HSM such as a smartcard.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#ca_getca">mod_ca_simple</a>
+ </td>
+ <td>Returns the upcoming next CA certificates that would sign
+ certificate sign requests by a certificate and key specified
+ on disk.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ </div>
+
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Examples</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>Basic Example</h3>
+ </header>
+ <div class="content">
+ <p>The simplest case: issue a certificate to anybody who wants
+ one.</p>
+ <pre>
+ <code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+ # sign with this certificate...
+ CASimpleCertificate /etc/pki/tls/ca-cert.pem
+ # ...and private key
+ CASimpleKey /etc/pki/tls/ca-key.pem
+ # use system clock as the time source
+ CASimpleTime on
+ # assign a random serial number
+ CASimpleSerialRandom on
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_scep.c>
+ <Location /scep>
+ SetHandler scep
+ # use subject from the certificate sign request unmodified
+ ScepSubjectRequest *
+ </Location>
+</IfModule>
+]]></code>
+ </pre>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Logged In Example</h3>
+ </header>
+ <div class="content">
+ <p>A more typical scenario: issue a certificate to a logged in
+ user.</p>
+ <p>In this example it is assumed that Apache configuration
+ exists that
+ authenticates a user against a database, directory, a token, or a previous
+ certificate.
+ </p>
+ <pre>
+ <code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+ # sign with this certificate...
+ CASimpleCertificate /etc/pki/tls/ca-cert.pem
+ # ...and private key
+ CASimpleKey /etc/pki/tls/ca-key.pem
+ # use system clock as the time source
+ CASimpleTime on
+ # assign a random serial number
+ CASimpleSerialRandom on
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_scep.c>
+ <Location /scep>
+ SetHandler scep
+ # standard Apache authorisation
+ Require valid-user
+ # set the common name to the logged in username
+ ScepSubjectSet CN %{REMOTE_USER}
+ # set a fixed OU field in the subject
+ ScepSubjectSet OU "Terms and Conditions Apply"
+ </Location>
+</IfModule>
+]]></code>
+ </pre>
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Directive Reference</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>ScepCRLURL Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>GetCRL will be redirected to this URL.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>ScepCRLURL url</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>None</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_scep</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_scep 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>
+ If set, attempts at GetCRL will be redirected to this URL.
+ GetCRL will be
+ rejected with
+ <code>400 Bad Request</code>
+ otherwise.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>ScepFreshness Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>The max-age of the certificates will be divided by this
+ factor.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>ScepFreshness factor [max-seconds]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>ScepFreshness 2 86400</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_scep</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_scep 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>The age of the certificates will be divided by this factor
+ when added as a max-age, set
+ to zero to disable. Defaults to "2". An optional maximum value
+ can be specified, defaults
+ to one day.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>ScepLocation Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set the URL location of the WADL returned by the OPTIONS
+ method.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>ScepLocation url</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>ScepLocation [current-URL]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_scep</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_scep 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set the URL location of the WADL returned by the OPTIONS
+ method.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>ScepRACertificate Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the name of the signing certificate.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>ScepRACertificate filename</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_scep</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_scep 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the name of the signing certificate.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>ScepRAKey Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the name of the signing key.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>ScepRAKey filename</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_scep</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_scep 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the name of the signing key.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>ScepRANextCertificate Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the name of the next RA signing certificate.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>ScepRANextCertificate filename</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_scep</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_scep 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the name of the next RA signing certificate.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>ScepSize Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the maximum size of the SCEP request from the
+ client.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>ScepSize bytes</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>ScepSize 131072</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_scep</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_scep 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the maximum size of the SCEP request from the client.
+ This value cannot be smaller than 4096 bytes.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>ScepSubjectAltNameRequest Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify fields in the certificate request subject
+ alternative name that will be copied over to the
+ certificate.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>ScepSubjectAltNameRequest field [number]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>None</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_scep</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_scep 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify fields in the certificate request subject alternative name that will
+ be copied over to the certificate, with optional limit to the
+ number of fields that may appear.</p>
+
+ <p>If a wildcard is used, all fields in the certificate request
+ subject alternative name will be copied across unmodified.
+ </p>
+
+ <p>Field names are limited to <code>otherName</code>, <code>rfc822Name</code>,
+ <code>dNSName</code>, <code>x400Address</code>, <code>directoryName</code>,
+ <code>ediPartyName</code>, <code>uniformResourceIdentifier</code>,
+ <code>iPAddress</code>, or <code>registeredID</code> and are described in
+ the <a href="subjects.html"> Subjects and Subject Alternative Names</a> section.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>ScepSubjectAltNameSet Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify an expression that will be included in the
+ certificate subject alternative name.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>ScepSubjectAltNameSet field value</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>None</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_scep</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_scep 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify an expression that will be included in the
+ certificate subject alternative name.</p>
+
+ <p>Field names are limited to <code>otherName</code>, <code>rfc822Name</code>,
+ <code>dNSName</code>, <code>x400Address</code>, <code>directoryName</code>,
+ <code>ediPartyName</code>, <code>uniformResourceIdentifier</code>,
+ <code>iPAddress</code>, or <code>registeredID</code> and are described in
+ the <a href="subjects.html"> Subjects and Subject Alternative Names</a> section.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>ScepSubjectRequest Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify fields in the certificate request subject that
+ will be copied over to the certificate.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>ScepSubjectRequest field [number]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>ScepSubjectRequest field 1</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_scep</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_scep 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify fields in the certificate request subject that will
+ be copied over to the certificate, with optional limit to the
+ number of fields that may appear.</p>
+
+ <p>If a wildcard is used, all fields in the certificate request
+ subject alternative name will be copied across unmodified.
+ </p>
+
+ <p>Subject handling is covered in detail in the <a href="subjects.html">
+ Subjects and Subject Alternative Names</a> section.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>ScepSubjectSet Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify an expression that will be included in the
+ certificate subject.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>ScepSubjectSet field value</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>None</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_scep</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_scep 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify an expression that will be included in the
+ certificate subject. Subject attribute name is configured first, then
+ the expression.</p>
+
+ <p>Subject handling is covered in detail in the <a href="subjects.html">
+ Subjects and Subject Alternative Names</a> section.
+ </p>
+
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+ </div>
+ </body>
+</html>
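Review bot: In the ScepSubjectRequest Directive section, the wildcard paragraph says all fields in the certificate request "subject alternative name" will be copied across unmodified, which reads as copied from ScepSubjectAltNameRequest; it should say "subject", matching the directive's own description and the Basic Example comment on `ScepSubjectRequest *`. Two further points in the visible part of this file: both rows under "Get Next CA Certificate Hook" link to `#ca_getca` while the heading links to `#ca_getnextca`, so the row anchors are worth checking, and `id="directive-reference"` is used on both the Examples section and the Directive Reference section, which duplicates the id within one document.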
Added: rs-manual/trunk/src/site/xhtml5/mod_spkac.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod_spkac.xhtml5 (added)
+++ rs-manual/trunk/src/site/xhtml5/mod_spkac.xhtml5 Sun Sep 1 12:16:07 2019
@@ -0,0 +1,682 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
+ <head>
+ <title>mod_spkac Module</title>
+ </head>
+ <body>
+ <div class="index align-left">
+
+ <section class="wrapper style1 align-center"
+ id="introduction">
+ <div class="inner">
+ <h2>Signed Public Key and Challenge Module</h2>
+ <p>Generate and issue certificates using the SPKAC protocol.</p>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>What does it do?</h3>
+ </header>
+ <div class="content">
+ <p>
+ This module implements a <a href="https://en.wikipedia.org/wiki/SPKAC">
+ Signed Public Key and Challenge</a> endpoint that is capable of signing
+ and issuing certificates on behalf of a suitable client.
+ </p>
+
+ <p>Based on configuration, parameters can be passed from
+ optional form parameters, or explicit expressions, and a new
+ certificate sign request with
+ acceptable parameters is combined with the public key and the
+ challenge from the SPKAC parameter and passed to suitably configured
+ backend modules for request authorisation,
+ certificate signing and issuing, and certificate storage.</p>
+
+ <p>
+ This module can be configured to respond to SPKAC client requests as
+ implemented by conformant implementations of HTML5.2 and earlier.
+ </p>
+ </div>
+ </section>
+
+
+ </div>
+ </div>
+ </section>
+
+
+
+ <section class="wrapper style1 align-center" id="integration">
+ <div class="inner">
+ <h2>Module Integration</h2>
+ <p>
+ The
+ <code>mod_spkac</code>
+ module is a
+ <a href="mod_ca.html#frontend">frontend module</a>
+ and will not do anything useful until
+ <code>mod_spkac</code>
+ has been combined with one or
+ more
+ <a href="mod_ca.html#backend">backend modules</a>
+ listed below. The
+ <code>mod_spkac</code>
+ module uses the following hooks to authorise, sign/issue and
+ store a
+ certificate, and suitable
+ <a href="mod_ca.html#backend">backend modules</a>
+ must be configured to implement each hook as needed.
+ </p>
+
+ <p>
+ All
+ <a href="mod_ca.html#frontend">frontend modules</a>
+ run within
+ a standard Apache httpd request, and standard httpd functionality
+ applies in all cases.
+ </p>
+
+ <div>
+ <img src="images/mod_spkac-1.png" style="width: 100%;" />
+ </div>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_reqauthz">Request Authorization Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This optional hook allows you to verify the parameters
+ included with the certificate sign request, such as the
+ challenge password. If left unconfigured, all certificate
+ requests will be accepted.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_ldap.html#ca_reqauthz">mod_ca_ldap</a>
+ </td>
+ <td>Allows the certificate sign request to be verified
+ against an LDAP directory.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_sign">Sign Request Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This hooks signs the certificate sign request and returns the
+ issued certificate. The hook is mandatory, and the request will
+ be rejected if left unconfigured.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_disk.html#ca_sign">mod_ca_disk</a>
+ </td>
+ <td>Allows certificate sign requests to be saved to disk for
+ later out of band processing. The response will redirect the
+ caller to where the certificate can be collected.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_engine.html#ca_sign">mod_ca_engine</a>
+ </td>
+ <td>Allows certificate sign requests to be signed by an HSM
+ such as a smartcard.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#ca_sign">mod_ca_simple</a>
+ </td>
+ <td>Allows certificate sign requests to be signed by a
+ certificate and key specified on disk.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_certstore">Certificate Storage Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This optional hook allows the newly generated certificate to
+ be stored locally or in a database or directory. If left
+ unconfigured, no local copy of the certificate will be stored.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_ldap.html#ca_certstore">mod_ca_ldap</a>
+ </td>
+ <td>Saves the newly issued PKCS7 certificate and chain to an
+ LDAP directory.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+
+ </div>
+
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Examples</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>Basic Example</h3>
+ </header>
+ <div class="content">
+ <p>The simplest case: issue a certificate to anybody who wants
+ one.</p>
+ <pre>
+ <code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+ # sign with this certificate...
+ CASimpleCertificate /etc/pki/tls/ca-cert.pem
+ # ...and private key
+ CASimpleKey /etc/pki/tls/ca-key.pem
+ # use system clock as the time source
+ CASimpleTime on
+ # assign a random serial number
+ CASimpleSerialRandom on
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_spkac.c>
+ <Location /spkac>
+ SetHandler spkac
+ # use subject from the certificate sign request unmodified
+ SpkacSubjectRequest *
+ </Location>
+</IfModule>
+]]></code>
+ </pre>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Logged In Example</h3>
+ </header>
+ <div class="content">
+ <p>A more typical scenario: issue a certificate to a logged in
+ user.</p>
+ <p>In this example it is assumed that Apache configuration
+ exists that
+ authenticates a user against a database, directory, a token, or a previous
+ certificate.
+ </p>
+ <pre>
+ <code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+ # sign with this certificate...
+ CASimpleCertificate /etc/pki/tls/ca-cert.pem
+ # ...and private key
+ CASimpleKey /etc/pki/tls/ca-key.pem
+ # use system clock as the time source
+ CASimpleTime on
+ # assign a random serial number
+ CASimpleSerialRandom on
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_spkac.c>
+ <Location /spkac>
+ SetHandler spkac
+ # standard Apache authorisation
+ Require valid-user
+ # set the common name to the logged in username
+ SpkacSubjectSet CN %{REMOTE_USER}
+ # set a fixed OU field in the subject
+ SpkacSubjectSet OU "Terms and Conditions Apply"
+ </Location>
+</IfModule>
+]]></code>
+ </pre>
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Directive Reference</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>SpkacLocation Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set the URL location of the WADL returned by the OPTIONS
+ method.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>SpkacLocation url</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>SpkacLocation [current-URL]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_spkac</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_spkac 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set the URL location of the WADL returned by the OPTIONS
+ method.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>SpkacSize Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the maximum size of the SPKAC request from the
+ client.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>SpkacSize bytes</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>SpkacSize 131072</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_spkac</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_spkac 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the maximum size of the SPKAC request from the client.
+ This value cannot be smaller than 4096 bytes.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>SpkacName Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the form name of the SPKAC request from the
+ client.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>SpkacName string</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>SpkacName key</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_spkac</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_spkac 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the name of the form parameter containing the SPKAC request
+ from the client.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>SpkacSubjectAltNameRequest Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify fields in the form that will be copied over to the subject
+ alternative name of the certificate.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>SpkacSubjectAltNameRequest field [number]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>None</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_spkac</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_spkac 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify fields in the form that will be copied over to the subject
+ alternative name of the certificate, with optional limit to the
+ number of fields that may appear.</p>
+
+ <p>Fields in the form are expected to be prefixed with the string
+ <code>subjectAltName-</code> which will stripped before comparing to
+ names set by this directive.
+ </p>
+<!--
+ <p>If a wildcard is used, all fields in the certificate request
+ subject alternative name will be copied across unmodified.
+ </p>
+-->
+
+ <p>Field names are limited to <code>otherName</code>, <code>rfc822Name</code>,
+ <code>dNSName</code>, <code>x400Address</code>, <code>directoryName</code>,
+ <code>ediPartyName</code>, <code>uniformResourceIdentifier</code>,
+ <code>iPAddress</code>, or <code>registeredID</code> and are described in
+ the <a href="subjects.html"> Subjects and Subject Alternative Names</a> section.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>SpkacSubjectAltNameSet Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify an expression that will be included in the
+ certificate subject alternative name.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>SpkacSubjectAltNameSet field value</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>None</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_spkac</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_spkac 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify an expression that will be included in the
+ certificate subject alternative name.</p>
+
+ <p>Field names are limited to <code>otherName</code>, <code>rfc822Name</code>,
+ <code>dNSName</code>, <code>x400Address</code>, <code>directoryName</code>,
+ <code>ediPartyName</code>, <code>uniformResourceIdentifier</code>,
+ <code>iPAddress</code>, or <code>registeredID</code> and are described in
+ the <a href="subjects.html"> Subjects and Subject Alternative Names</a> section.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>SpkacSubjectRequest Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify fields in the form that
+ will be copied over to the certificate subject.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>SpkacSubjectRequest field [number]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>SpkacSubjectRequest field 1</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_spkac</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_spkac 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify fields in the form that will
+ be copied over to the certificate subject, with optional limit to the
+ number of fields that may appear.</p>
+
+<!--
+ <p>If a wildcard is used, all fields in the certificate request
+ subject alternative name will be copied across unmodified.
+ </p>
+-->
+
+ <p>Subject handling is covered in detail in the <a href="subjects.html">
+ Subjects and Subject Alternative Names</a> section.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>SpkacSubjectSet Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify an expression that will be included in the
+ certificate subject.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>SpkacSubjectSet field value</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>None</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_spkac</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_spkac 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify an expression that will be included in the
+ certificate subject. Subject attribute name is configured first, then
+ the expression.</p>
+
+ <p>Subject handling is covered in detail in the <a href="subjects.html">
+ Subjects and Subject Alternative Names</a> section.
+ </p>
+
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+ </div>
+ </body>
+</html>
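Review bot: The Basic Example uses `SpkacSubjectRequest *`, but in the SpkacSubjectRequest Directive section the paragraph describing the wildcard is commented out, so the example relies on syntax the reference no longer documents. Either restore that paragraph, reworded for form fields rather than certificate request fields, or change the example to name the fields explicitly. Smaller points: "This hooks signs" under Sign Request Hook should read "This hook signs", "which will stripped" under SpkacSubjectAltNameRequest is missing "be", and `id="directive-reference"` appears on both the Examples and the Directive Reference sections.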
Added: rs-manual/trunk/src/site/xhtml5/subjects.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/subjects.xhtml5 (added)
+++ rs-manual/trunk/src/site/xhtml5/subjects.xhtml5 Sun Sep 1 12:16:07 2019
@@ -0,0 +1,169 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
+ <head>
+ <title>Subject Handling</title>
+ </head>
+ <body>
+ <div class="index align-left">
+
+ <section class="wrapper style1 align-center"
+ id="introduction">
+ <div class="inner">
+ <h2>Subjects and Subject Alternative Names</h2>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>How does it work?</h3>
+ </header>
+ <div class="content">
+ <p>Both subjects and subject alternative names can be built up from
+ fields in submitted certificate sign requests, fields from the submitted
+ form, or Apache httpd expressions, or any combination thereof.
+ </p>
+ <p>The order of the directives controls the order that the components of the
+ subjects or subject alternative names appear in the resulting certificate.
+ </p>
+ <p>It is possible to pass through all fields in a submitted certificate
+ sign request using a wildcard, or to explicitly set each component
+ individually as needed.
+ </p>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Subjects</h3>
+ </header>
+ <div class="content">
+ <p>The components of subjects can be specified as OID values, or their well
+ known aliases.
+ </p>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Subject Alternative Names</h3>
+ </header>
+ <div class="content">
+ <p>The components of subject alternative names are limited to the following:
+ </p>
+ <table>
+ <tbody>
+ <tr>
+ <td>otherName</td><td></td>
+ </tr>
+ <tr>
+ <td>rfc822Name</td><td>Email address in format of an "addr-spec" as defined in RFC 822</td>
+ </tr>
+ <tr>
+ <td>dNSName</td><td>Domain name in "preferred name syntax," as specified by RFC 1034</td>
+ </tr>
+ <tr>
+ <td>x400Address</td><td></td>
+ </tr>
+ <tr>
+ <td>directoryName</td><td>Distinguished name</td>
+ </tr>
+ <tr>
+ <td>ediPartyName</td><td></td>
+ </tr>
+ <tr>
+ <td>uniformResourceIdentifier</td><td>URI as a non-relative URL, and following the URL syntax and encoding rules specified in RFC 1738</td>
+ </tr>
+ <tr>
+ <td>iPAddress</td><td>IPv4 or IPv6 address</td>
+ </tr>
+ <tr>
+ <td>registeredID</td><td></td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Examples</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>Passthrough Example</h3>
+ </header>
+ <div class="content">
+ <p>The trivial case: pass all fields of a certificate sign request through
+ unmodified.</p>
+<pre><code><![CDATA[
+<IfModule mod_scep.c>
+ # pass all elements of the subject through unmodified
+ ScepSubjectRequest *
+</IfModule>
+]]></code></pre>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Expressions Example</h3>
+ </header>
+ <div class="content">
+ <p>The simple case: set the fields of a subject to fixed expressions.</p>
+ <p>All fields in the submitted certificate sign request or form parameters
+ will be ignored.</p>
+<pre><code><![CDATA[
+<IfModule mod_csr.c>
+ # set the common name to an expression
+ # resolving to the current logged in user
+ CsrSubjectSet CN %{REMOTE_USER}
+ CsrSubjectSet OU People
+ CsrSubjectSet DC example
+ CsrSubjectSet DC com
+</IfModule>
+]]></code></pre>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Request Example</h3>
+ </header>
+ <div class="content">
+ <p>Embed fields from the client: Allow the client to choose values for given fields.</p>
+ <p>In this example it is possible for two callers to choose the same common name
+ value. It is assumed here that the intended application would be capable of
+ disambiguating the certificates using the serial number of the certificate.
+ Alternatively the <a href="mod_ca.html#ca_reqauthz">Request Authorization hook</a>
+ could be used to issue certificates for subjects that were arranged in advance, or
+ to enforce a first come first served scenario.
+ </p>
+<pre><code><![CDATA[
+<IfModule mod_pkcs12.c>
+ # allow the client to set their common name
+ Pkcs12SubjectRequest CN
+ Pkcs12SubjectSet OU Devices
+ Pkcs12SubjectSet DC example
+ Pkcs12SubjectSet DC com
+</IfModule>
+]]></code></pre>
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+
+ </div>
+ </body>
+</html>
+
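Review bot: In the Subject Alternative Names table, the description cells for otherName, x400Address, ediPartyName and registeredID are empty, although the directive pages that link here list all nine names as accepted fields; describe the value format each one expects, or state that these are not yet described. The Examples section carries `id="directive-reference"`, which does not match its content. Since the text says the order of the directives controls the order of the components, the Expressions and Request examples would be clearer with the resulting subject shown after each block.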