[rs-commit] r311 - in /rs-manual/trunk/src: main/modules.xml site/resources/images/mod_cert.png site/xhtml5/mod/mod_cert.xhtml5
rs-commit at redwax.eu
Wed Feb 26 00:57:57 CET 2020
Author: minfrin at redwax.eu
Date: Wed Feb 26 00:57:55 2020
New Revision: 311
Log:
Add manual for mod_cert.
Added:
rs-manual/trunk/src/site/resources/images/mod_cert.png (with props)
rs-manual/trunk/src/site/xhtml5/mod/mod_cert.xhtml5
Modified:
rs-manual/trunk/src/main/modules.xml
Modified: rs-manual/trunk/src/main/modules.xml
==============================================================================
--- rs-manual/trunk/src/main/modules.xml (original)
+++ rs-manual/trunk/src/main/modules.xml Wed Feb 26 00:57:55 2020
@@ -1,4 +1,5 @@
<modules>
+ <module type="frontend">mod_cert</module>
<module type="frontend">mod_crl</module>
<module type="frontend">mod_csr</module>
<module type="frontend">mod_ocsp</module>
Added: rs-manual/trunk/src/site/resources/images/mod_cert.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_cert.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
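Review bot: mod_cert.png is added with svn:mime-type = application/octet-stream, which marks the image as opaque binary rather than as a PNG. Setting the property to image/png (svn propset svn:mime-type image/png on the file) keeps it binary-safe while letting Subversion tooling and anything that serves the file from the repository identify it as an image.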
Added: rs-manual/trunk/src/site/xhtml5/mod/mod_cert.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod/mod_cert.xhtml5 (added)
+++ rs-manual/trunk/src/site/xhtml5/mod/mod_cert.xhtml5 Wed Feb 26 00:57:55 2020
@@ -0,0 +1,367 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
+ <head>
+ <title>mod_cert Module</title>
+ <meta name="description" content="Return the CA certificate or next CA certificate as a response." />
+ <meta name="mod-ca-type" content="frontend" />
+ <link rel="canonical" href="https://redwax.eu/rs/docs/latest/mod/mod_cert.html" />
+ </head>
+ <body>
+
+ <section class="spotlight style2 orient-right content-align-left image-position-left">
+ <div class="content null">
+ <h2>Certificate Module</h2>
+ <p>Return the CA certificate or next CA certificate as a response.</p>
+ </div>
+ <div class="image">
+ <img src="../images/candles-red.jpg" alt="" />
+ </div>
+ </section>
+
+ <div class="none">
+
+ <section class="wrapper style1 align-center"
+ id="introduction">
+ <div class="inner">
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>What does it do?</h3>
+ </header>
+ <div class="content">
+
+ <p>
+ Based on configuration of the backend modules, the CA certificate
+ or the next CA certificate is returned as a DER or PEM encoded
+ X509 certificate as per
+ <a href="https://tools.ietf.org/html/rfc5280">RFC5280</a>.
+ </p>
+
+<!-- support the Accept header -->
+
+ </div>
+ </section>
+
+
+ </div>
+ </div>
+ </section>
+
+
+
+ <section class="wrapper style1 align-center" id="integration">
+ <div class="inner">
+ <h2>Module Integration</h2>
+ <p>
+ The
+ <code>mod_cert</code>
+ module is a
+ <a href="mod_ca.html#frontend">frontend module</a>
+ and will not do anything useful until
+ <code>mod_cert</code>
+ has been combined with one or
+ more
+ <a href="mod_ca.html#backend">backend modules</a>
+ listed below. The
+ <code>mod_cert</code>
+ module uses the following hooks to get the CA certificate and next CA certificate, and suitable
+ <a href="mod_ca.html#backend">backend modules</a>
+ must be configured to implement each hook as needed.
+ </p>
+
+ <p>
+ All <a href="mod_ca.html#frontend">frontend modules</a> run within
+ a standard Apache httpd request, and standard httpd functionality
+ applies in all cases.
+ </p>
+
+ <div>
+ <img src="../images/mod_cert.png" style="width: 100%;" />
+ </div>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_getca">Get CA Certificate Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This hook returns CA certificates for the given CA.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_engine.html#ca_getca">mod_ca_engine</a>
+ </td>
+ <td>Returns CA certificates that would sign certificate sign requests by an HSM
+ such as a smartcard.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#ca_getca">mod_ca_simple</a>
+ </td>
+ <td>Returns CA certificates that would sign certificate sign requests by a
+ certificate and key specified on disk.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_getnextca">Get Next CA Certificate Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This hook returns certificates that were requested previously and
+ generated at a possibly later date or time.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_ca_engine.html#ca_getca">mod_ca_engine</a>
+ </td>
+ <td>Returns the upcoming next CA certificates that would sign
+ certificate sign requests by an HSM such as a smartcard.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_ca_simple.html#ca_getca">mod_ca_simple</a>
+ </td>
+ <td>Returns the upcoming next CA certificates that would sign
+ certificate sign requests by a certificate and key specified
+ on disk.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Examples</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>Basic Example</h3>
+ </header>
+ <div class="content">
+ <p>The simplest case: return the CA certificate and the next CA certificate to anybody who wants it.</p>
+<pre><code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+ # return these certificates
+ CASimpleCertificate /etc/pki/tls/ca-cert.pem
+ CASimpleNextCertificate /etc/pki/tls/ca-cert-next.pem
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_cert.c>
+ <Location /ca.der>
+ SetHandler cert-ca
+ </Location>
+ <Location /ca-next.der>
+ SetHandler cert-nextca
+ </Location>
+</IfModule>
+]]></code></pre>
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Directive Reference</h2>
+ <div class="index align-left">
+
+ <section id="directive-CertFreshness">
+ <header>
+ <h3>Cert<wbr />Freshness Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>The max-age of the certificate will be divided by this
+ factor.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>Cert<wbr />Freshness factor [max-seconds]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>Cert<wbr />Freshness 2 86400</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_cert</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_cert 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>The age of the certificate will be divided by this
+ factor when added as a max-age, set
+ to zero to disable. Defaults to "2". An optional maximum value
+ can be specified, defaults
+ to one day.</p>
+
+ </div>
+ </section>
+
+ <section id="directive-CertLocation">
+ <header>
+ <h3>Cert<wbr />Location Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set the URL location of the WADL returned by the OPTIONS
+ method.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>Cert<wbr />Location url</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>Cert<wbr />Location [current-URL]</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_cert</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_cert 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set the URL location of the WADL returned by the OPTIONS
+ method.</p>
+
+ </div>
+ </section>
+
+ <section id="directive-CertEncoding">
+ <header>
+ <h3>Cert<wbr />Encoding Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to the default encoding to be returned if not specified.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>Cert<wbr />Encoding encoding</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>Cert<wbr />Encoding der</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#frontend">Frontend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_cert</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_cert 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set the default encoding to be returned if not specified. Must be
+ one of "pem", "x-pem" or "der".
+ </p>
+
+ </div>
+ </section>
+
+
+ </div>
+ </div>
+ </section>
+
+ </div>
+ </body>
+</html>
+
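Review bot: The "Get Next CA Certificate Hook" section describes the hook as returning "certificates that were requested previously and generated at a possibly later date or time", which does not mention the next CA certificate at all, and both backend links in its table point to #ca_getca while the section heading links to mod_ca.html#ca_getnextca. Please reword the paragraph to say what the hook returns for mod_cert and check whether the two table links should target #ca_getnextca. The Examples section also carries id="directive-reference", the same id as the Directive Reference section below it, so the id is duplicated within one document; a distinct id such as "examples" would fix that. Smaller points: the img for ../images/mod_cert.png has no alt attribute; the comment "support the Accept header" is left in the introduction while the text never says how a client selects an encoding (CertEncoding only says "if not specified"); the CertEncoding description reads "Set to the default encoding"; and CertFreshness says "max-age of the certificate" in the table but "age of the certificate" in the paragraph, and never states that max-seconds is in seconds other than through the default of 86400 and "one day".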