[rs-commit] r75 - in /rs-manual/trunk/src/site: site.xml xhtml5/mod/mod_timestamp.xhtml5
rs-commit at redwax.eu
rs-commit at redwax.eu
Fri Sep 6 01:52:00 CEST 2019
Author: minfrin at redwax.eu
Date: Fri Sep 6 01:51:59 2019
New Revision: 75
Log:
Document the mod_timestamp module.
Added:
rs-manual/trunk/src/site/xhtml5/mod/mod_timestamp.xhtml5
Modified:
rs-manual/trunk/src/site/site.xml
Modified: rs-manual/trunk/src/site/site.xml
==============================================================================
--- rs-manual/trunk/src/site/site.xml (original)
+++ rs-manual/trunk/src/site/site.xml Fri Sep 6 01:51:59 2019
@@ -42,6 +42,7 @@
<item name="mod_pkcs12 Module" href="mod/mod_pkcs12.html"/>
<item name="mod_scep Module" href="mod/mod_scep.html"/>
<item name="mod_spkac Module" href="mod/mod_spkac.html"/>
+ <item name="mod_timestamp Module" href="mod/mod_timestamp.html"/>
</menu>
<links>
Added: rs-manual/trunk/src/site/xhtml5/mod/mod_timestamp.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod/mod_timestamp.xhtml5 (added)
+++ rs-manual/trunk/src/site/xhtml5/mod/mod_timestamp.xhtml5 Fri Sep 6 01:51:59 2019
@@ -0,0 +1,837 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
+ <head>
+ <title>mod_timestamp Module</title>
+ </head>
+ <body>
+ <div class="index align-left">
+
+ <section class="wrapper style1 align-center"
+ id="introduction">
+ <div class="inner">
+ <h2>Time Stamp Protocol Module</h2>
+ <p>Parse and return responses to RFC3161 Time Stamp Protocol requests.</p>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>What does it do?</h3>
+ </header>
+ <div class="content">
+ <p>
+ This module implements a <a href="https://www.ietf.org/rfc/rfc3161.txt">
+ Time Stamp Protocol</a> endpoint that supports assertions of proof that
+ a datum existed before a particular time.
+ </p>
+
+ <p>Based on configuration, an incoming POST request with a content type
+ of <code>application/timestamp-query</code> is received, the datum is
+ signed, and the response is returned as <code>application/timestamp-reply</code>.
+ </p>
+
+ </div>
+ </section>
+
+
+ </div>
+ </div>
+ </section>
+
+
+
+ <section class="wrapper style1 align-center" id="integration">
+ <div class="inner">
+ <h2>Module Integration</h2>
+ <p>
+ The
+ <code>mod_timestamp</code>
+ module is a
+ <a href="mod_ca.html#frontend">frontend module</a>
+ and will not do anything useful until
+ <code>mod_timestamp</code>
+ has been combined with one or
+ more
+ <a href="mod_ca.html#backend">backend modules</a>
+ listed below. The
+ <code>mod_timestamp</code>
+ module uses the following hooks to make a serial number
+ and obtain the time, and suitable
+ <a href="mod_ca.html#backend">backend modules</a>
+ must be configured to implement each hook as needed.
+ </p>
+
+ <p>
+ All
+ <a href="mod_ca.html#frontend">frontend modules</a>
+ run within
+ a standard Apache httpd request, and standard httpd functionality
+ applies in all cases.
+ </p>
+
+ <div>
+ <img src="../images/mod_timestamp-1.png" style="width: 100%;" />
+ </div>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_reqauthz">Make Serial Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This hook generates the serial number to be included in the
+ timestamp response. The hook is mandatory, and the request will
+ be rejected if left unconfigured.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#ca_makeserial">mod_ca_simple</a>
+ </td>
+ <td>Allows a serial number to be generated at random.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_disk.html#ca_makeserial">mod_ca_disk</a>
+ </td>
+ <td>Allows a serial number to be assigned from a counter stored
+ on disk.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_gettime">Get Time Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This hooks returns the time to be used when generating the
+ timestamp. The hook is mandatory, and the request will
+ be rejected if left unconfigured.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#ca_gettime">mod_ca_simple</a>
+ </td>
+ <td>Returns the system time provided by the underlying operating
+ system.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ </div>
+
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Examples</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>Basic Example</h3>
+ </header>
+ <div class="content">
+ <p>The simplest case: generate a timestamp for anybody who wants
+ one.</p>
+ <pre>
+ <code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+ # use system clock as the time source
+ CASimpleTime on
+ # assign a random serial number
+ CASimpleSerialRandom on
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_timestamp.c>
+ <Location /timestamp>
+ SetHandler timestamp
+ # sign with this certificate...
+ TimestampSigningCertificate /etc/pki/ssl/timestamp.cert
+ # ...and private key
+ TimestampSigningKey /etc/pki/ssl/timestamp.key
+ # use a sha256 digest
+ TimestampDigest SHA256
+ # set the policy to an oid of your choice
+ TimestampDefaultPolicy 1.2.3.4
+ </Location>
+</IfModule>
+]]></code>
+ </pre>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Logged In Example</h3>
+ </header>
+ <div class="content">
+ <p>A more typical scenario: generate a timestamp for a logged in
+ user.</p>
+ <p>In this example it is assumed that Apache configuration
+ exists that
+ authenticates a user against a database, directory, a token, or a previous
+ certificate.
+ </p>
+ <pre>
+ <code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+ # use system clock as the time source
+ CASimpleTime on
+ # assign a random serial number
+ CASimpleSerialRandom on
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_timestamp.c>
+ <Location /timestamp>
+ SetHandler timestamp
+ # standard Apache authorisation
+ Require valid-user
+ # sign with this certificate...
+ TimestampSigningCertificate /etc/pki/ssl/timestamp.cert
+ # ...and private key
+ TimestampSigningKey /etc/pki/ssl/timestamp.key
+ # use a sha256 digest
+ TimestampDigest SHA256
+ # set the policy to an oid of your choice
+ TimestampDefaultPolicy 1.2.3.4
+ </Location>
+</IfModule>
+]]></code>
+ </pre>
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Directive Reference</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>TimestampSigningCertificate Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the name of the signing certificate.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>TimestampSigningCertificate filename</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_timestamp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_timestamp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the name of the signing certificate.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>TimestampSigningKey Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the name of the signing key.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>TimestampSigningKey filename</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_timestamp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_timestamp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the name of the signing key.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>TimestampCertificateChain Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the name of a file containing the rest of the certificate chain.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>TimestampCertificateChain filename</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_timestamp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_timestamp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the name of a file containing the rest of the certificate chain.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>TimestampSize Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the maximum size of the timestamp request from the
+ client.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>TimestampSize bytes</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>TimestampSize 131072</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_timestamp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_timestamp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to the maximum size of the timestamp request from the client.
+ This value cannot be smaller than 4096 bytes.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>TimestampLocation Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set the URL location of the WADL returned by the OPTIONS
+ method.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>TimestampLocation url</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>TimestampLocation [current-URL]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_timestamp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_timestamp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set the URL location of the WADL returned by the OPTIONS
+ method.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>TimestampPolicy Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Add the given policy to the timestamp.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>TimestampPolicy oid</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>None</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_timestamp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_timestamp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>
+ Add the given policy to the timestamp.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>TimestampDefaultPolicy Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set the given policy as the default timestamp policy.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>TimestampDefaultPolicy oid</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>None</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_timestamp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_timestamp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>
+ Set the given policy as the default timestamp policy.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>TimestampDigest Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Add the given digest to the timestamp.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>TimestampDigest digest</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>None</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_timestamp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_timestamp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>
+ Add the given digest to the timestamp.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>TimestampIncludeChain Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Indicate whether the certificate chain should be included.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>TimestampIncludeChain flag</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>TimestampIncludeChain off</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_timestamp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_timestamp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>
+ Indicate whether the certificate chain should be included in the ESS
+ signing certificate attribute within the response.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>TimestampOrdering Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set ordering to true in the response.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>TimestampOrdering flag</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>TimestampOrdering off</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_timestamp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_timestamp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>
+ Set ordering to true in the response.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>TimestampTsaName Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to include the TSA name in the response.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>TimestampTsaName flag</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>TimestampTsaName off</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_timestamp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_timestamp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>
+ Set to include the TSA name in the response.
+ </p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>TimestampClockPrecisionDigits Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set the number of clock precision digits.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>TimestampClockPrecisionDigits number</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>None</td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td><a href="mod_ca.html#frontend">Frontend</a></td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_timestamp</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_timestamp 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>
+ Set the number of clock precision digits.
+ </p>
+
+ </div>
+ </section>
+
+
+ </div>
+ </div>
+ </section>
+
+ </div>
+ </body>
+</html>
More information about the rs-commit
mailing list