[rs-commit] r311 - in /rs-manual/trunk/src: main/modules.xml site/resources/images/mod_cert.png site/xhtml5/mod/mod_cert.xhtml5

rs-commit at redwax.eu rs-commit at redwax.eu
Wed Feb 26 00:57:57 CET 2020


Author: minfrin at redwax.eu
Date: Wed Feb 26 00:57:55 2020
New Revision: 311

Log:
Add manual for mod_cert.

Added:
    rs-manual/trunk/src/site/resources/images/mod_cert.png   (with props)
    rs-manual/trunk/src/site/xhtml5/mod/mod_cert.xhtml5
Modified:
    rs-manual/trunk/src/main/modules.xml

Modified: rs-manual/trunk/src/main/modules.xml
==============================================================================
--- rs-manual/trunk/src/main/modules.xml	(original)
+++ rs-manual/trunk/src/main/modules.xml	Wed Feb 26 00:57:55 2020
@@ -1,4 +1,5 @@
 <modules>
+  <module type="frontend">mod_cert</module>
   <module type="frontend">mod_crl</module>
   <module type="frontend">mod_csr</module>
   <module type="frontend">mod_ocsp</module>

Added: rs-manual/trunk/src/site/resources/images/mod_cert.png
==============================================================================
Binary file - no diff available.

Propchange: rs-manual/trunk/src/site/resources/images/mod_cert.png
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: rs-manual/trunk/src/site/xhtml5/mod/mod_cert.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod/mod_cert.xhtml5	(added)
+++ rs-manual/trunk/src/site/xhtml5/mod/mod_cert.xhtml5	Wed Feb 26 00:57:55 2020
@@ -0,0 +1,367 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
+  <head>
+    <title>mod_cert Module</title>
+    <meta name="description" content="Return the CA certificate or next CA certificate as a response." />
+    <meta name="mod-ca-type" content="frontend" />
+    <link rel="canonical" href="https://redwax.eu/rs/docs/latest/mod/mod_cert.html" />
+  </head>
+  <body>
+
+    <section class="spotlight style2 orient-right content-align-left image-position-left">
+      <div class="content null">
+        <h2>Certificate Module</h2>
+        <p>Return the CA certificate or next CA certificate as a response.</p>
+      </div>
+      <div class="image">
+        <img src="../images/candles-red.jpg" alt="" />
+      </div>
+    </section>
+
+    <div class="none">
+
+      <section class="wrapper style1 align-center"
+        id="introduction">
+        <div class="inner">
+
+          <div class="index align-left">
+
+            <section>
+              <header>
+                <h3>What does it do?</h3>
+              </header>
+              <div class="content">
+
+                <p>
+                  Based on configuration of the backend modules, the CA certificate
+                  or the next CA certificate is returned as a DER or PEM encoded
+                  X509 certificate as per
+                  <a href="https://tools.ietf.org/html/rfc5280">RFC5280</a>.
+                </p>
+
+<!-- support the Accept header -->
+
+              </div>
+            </section>
+
+
+          </div>
+        </div>
+      </section>
+
+
+
+      <section class="wrapper style1 align-center" id="integration">
+        <div class="inner">
+          <h2>Module Integration</h2>
+          <p>
+            The
+            <code>mod_cert</code>
+            module is a
+            <a href="mod_ca.html#frontend">frontend module</a>
+            and will not do anything useful until
+            <code>mod_cert</code>
+            has been combined with one or
+            more
+            <a href="mod_ca.html#backend">backend modules</a>
+            listed below. The
+            <code>mod_cert</code>
+            module uses the following hooks to get the CA certificate and next CA certificate, and suitable
+            <a href="mod_ca.html#backend">backend modules</a>
+            must be configured to implement each hook as needed.
+          </p>
+
+          <p>
+            All <a href="mod_ca.html#frontend">frontend modules</a> run within
+            a standard Apache httpd request, and standard httpd functionality
+            applies in all cases.
+          </p>
+
+          <div>
+            <img src="../images/mod_cert.png" style="width: 100%;" />
+          </div>
+
+          <div class="index align-left">
+
+            <section>
+              <header>
+                <h3>
+                  <a href="mod_ca.html#ca_getca">Get CA Certificate Hook</a>
+                </h3>
+              </header>
+              <div class="content">
+                <p>This hook returns CA certificates for the given CA.</p>
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>
+                        <a href="mod_ca_engine.html#ca_getca">mod_ca_engine</a>
+                      </td>
+                      <td>Returns CA certificates that would sign certificate sign requests by an HSM
+                        such as a smartcard.</td>
+                    </tr>
+                    <tr>
+                      <td>
+                        <a href="mod_ca_simple.html#ca_getca">mod_ca_simple</a>
+                      </td>
+                      <td>Returns CA certificates that would sign certificate sign requests by a
+                        certificate and key specified on disk.</td>
+                    </tr>
+                  </tbody>
+                </table>
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>
+                  <a href="mod_ca.html#ca_getnextca">Get Next CA Certificate Hook</a>
+                </h3>
+              </header>
+              <div class="content">
+                <p>This hook returns certificates that were requested previously and
+                  generated at a possibly later date or time.</p>
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>
+                        <a href="mod_ca_engine.html#ca_getca">mod_ca_engine</a>
+                      </td>
+                      <td>Returns the upcoming next CA certificates that would sign
+                        certificate sign requests by an HSM such as a smartcard.</td>
+                    </tr>
+                    <tr>
+                      <td>
+                        <a href="mod_ca_simple.html#ca_getca">mod_ca_simple</a>
+                      </td>
+                      <td>Returns the upcoming next CA certificates that would sign
+                        certificate sign requests by a certificate and key specified
+                        on disk.</td>
+                    </tr>
+                  </tbody>
+                </table>
+              </div>
+            </section>
+
+
+          </div>
+        </div>
+      </section>
+
+
+      <section class="wrapper style1 align-center"
+        id="directive-reference">
+        <div class="inner">
+          <h2>Examples</h2>
+          <div class="index align-left">
+
+            <section>
+              <header>
+                <h3>Basic Example</h3>
+              </header>
+              <div class="content">
+                <p>The simplest case: return the CA certificate and the next CA certificate to anybody who wants it.</p>
+<pre><code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+  # return these certificates
+  CASimpleCertificate /etc/pki/tls/ca-cert.pem
+  CASimpleNextCertificate /etc/pki/tls/ca-cert-next.pem
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_cert.c>
+  <Location /ca.der>
+    SetHandler cert-ca
+  </Location>
+  <Location /ca-next.der>
+    SetHandler cert-nextca
+  </Location>
+</IfModule>
+]]></code></pre>
+              </div>
+            </section>
+
+          </div>
+        </div>
+      </section>
+
+
+      <section class="wrapper style1 align-center"
+        id="directive-reference">
+        <div class="inner">
+          <h2>Directive Reference</h2>
+          <div class="index align-left">
+
+            <section id="directive-CertFreshness">
+              <header>
+                <h3>Cert<wbr />Freshness Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>The max-age of the certificate will be divided by this
+                        factor.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>Cert<wbr />Freshness factor [max-seconds]</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>Cert<wbr />Freshness 2 86400</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#frontend">Frontend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_cert</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_cert 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>The age of the certificate will be divided by this 
+                  factor when added as a max-age, set
+                  to zero to disable. Defaults to "2". An optional maximum value
+                  can be specified, defaults
+                  to one day.</p>
+
+              </div>
+            </section>
+
+            <section id="directive-CertLocation">
+              <header>
+                <h3>Cert<wbr />Location Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>Set the URL location of the WADL returned by the OPTIONS
+                        method.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>Cert<wbr />Location url</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>Cert<wbr />Location [current-URL]</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#frontend">Frontend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_cert</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_cert 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>Set the URL location of the WADL returned by the OPTIONS
+                  method.</p>
+
+              </div>
+            </section>
+
+            <section id="directive-CertEncoding">
+              <header>
+                <h3>Cert<wbr />Encoding Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>Set to the default encoding to be returned if not specified.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>Cert<wbr />Encoding encoding</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>Cert<wbr />Encoding der</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#frontend">Frontend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_cert</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_cert 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>Set the default encoding to be returned if not specified. Must be
+                  one of "pem", "x-pem" or "der".
+                </p>
+
+              </div>
+            </section>
+
+
+          </div>
+        </div>
+      </section>
+
+    </div>
+  </body>
+</html>
+



More information about the rs-commit mailing list