[rs-commit] r354 - /rs-manual/trunk/src/site/xhtml5/configuration.xhtml5
rs-commit at redwax.eu
Fri Mar 20 13:35:04 CET 2020
Author: minfrin at redwax.eu
Date: Fri Mar 20 13:35:03 2020
New Revision: 354
Log:
Add documentation for frontend modules, based on the interop site.
Modified:
rs-manual/trunk/src/site/xhtml5/configuration.xhtml5
Modified: rs-manual/trunk/src/site/xhtml5/configuration.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/configuration.xhtml5 (original)
+++ rs-manual/trunk/src/site/xhtml5/configuration.xhtml5 Fri Mar 20 13:35:03 2020
@@ -236,6 +236,201 @@
</div>
</section>
+ <section class="wrapper style1 align-center inner"
+ id="frontend">
+ <header>
+ <h2>Configure a Redwax Frontend Server</h2>
+ <p>
+ Your second choice to make is how you will respond to requests for certificates,
+ certificate revocation lists, online certificate status protocol requests, and
+ time stamp requests.
+ </p>
+ <p>
+ You may choose just one of these, or all of these, as per your requirements.
+ </p>
+ </header>
+ <div class="content index align-left">
+
+ <section>
+ <header>
+ <h3>Certificate Sign Requests</h3>
+ </header>
+ <div class="content none">
+ <p>
+ In this example, we've decided to use the
+ <a href="mod/mod_csr.html">mod_csr</a> module to issue certificates
+ to anybody in response to a certificate sign request provided by a browser.
+ </p>
+ <p>
+ Other choices are available as documented in the list of
+ <a href="modules.html#front">frontend modules</a>.
+ </p>
+<pre><code><![CDATA[<IfModule !csr_module>
+ LoadModule csr_module /usr/lib64/httpd/modules/mod_csr.so
+</IfModule>
+
+<Location /test/simple/csr>
+ Require all granted
+ SetHandler csr
+ CsrParamChallenge challenge
+ CsrSubjectRequest CN
+ CsrSubjectRequest O
+ CsrSubjectRequest C
+ CsrSubjectAltNameRequest rfc822Name
+</Location>]]></code></pre>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>PKCS12 Requests</h3>
+ </header>
+ <div class="content none">
+ <p>
+ In this example, we've decided to use the
+ <a href="mod/mod_pkcs12.html">mod_pkcs12</a> module to issue a private key
+ and a certificate signed by that key to anybody in response to a parameters
+ submitted by a form in a browser.
+ </p>
+ <p>
+ Other choices are available as documented in the list of
+ <a href="modules.html#front">frontend modules</a>.
+ </p>
+<pre><code><![CDATA[<IfModule !pkcs12_module>
+ LoadModule pkcs12_module /usr/lib64/httpd/modules/mod_pkcs12.so
+</IfModule>
+
+<Location /test/simple/pkcs12>
+ Require all granted
+ SetHandler pkcs12
+ Pkcs12SubjectRequest O
+ Pkcs12SubjectRequest CN
+ Pkcs12SubjectRequest C
+ Pkcs12SubjectAltNameRequest rfc822Name
+</Location>]]></code></pre>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Simple Certificate Enrollment Protocol (SCEP) Requests</h3>
+ </header>
+ <div class="content none">
+ <p>
+ In this example, we've decided to use the
+ <a href="mod/mod_scep.html">mod_scep</a> module to issue a certificate
+ to anybody in response to a parameters submitted by SCEP client.
+ </p>
+ <p>
+ Some SCEP clients will only work over a non-SSL connection. This
+ backend configuration, along with the frontend configuration may
+ be repeated in a non-SSL virtual host or webserver.
+ </p>
+ <p>
+ Other choices are available as documented in the list of
+ <a href="modules.html#front">frontend modules</a>.
+ </p>
+<pre><code><![CDATA[<IfModule !scep_module>
+ LoadModule scep_module /usr/lib64/httpd/modules/mod_scep.so
+</IfModule>
+
+<Location /test/simple/scep>
+ Require all granted
+ SetHandler scep
+ ScepRACertificate /etc/pki/interop/scep-ra.cert
+ ScepRAKey /etc/pki/interop/private/scep-ra.key
+ ScepSubjectRequest O
+ ScepSubjectRequest CN
+ ScepSubjectRequest C
+ ScepSubjectAltNameRequest rfc822Name
+</Location>]]></code></pre>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Simple Public Key and Challenge (SPKAC) / Keygen Requests</h3>
+ </header>
+ <div class="content none">
+ <p>
+ In this example, we've decided to use the
+ <a href="mod/mod_spkac.html">mod_spkac</a> module to issue certificates
+ to anybody in response to an SPKAC request provided by a browser.
+ </p>
+ <p>
+ This may be done using the HTML5 <code>keygen</code> tag, or through
+ functionality provided by OpenSSL.
+ </p>
+ <p>
+ Other choices are available as documented in the list of
+ <a href="modules.html#front">frontend modules</a>.
+ </p>
+<pre><code><![CDATA[<IfModule !spkac_module>
+ LoadModule spkac_module /usr/lib64/httpd/modules/mod_spkac.so
+</IfModule>
+
+<Location /test/simple/spkac>
+ Require all granted
+ SetHandler spkac
+ SpkacSubjectRequest CN
+ SpkacSubjectRequest O
+ SpkacSubjectRequest C
+ SpkacSubjectAltNameRequest rfc822Name
+</Location>]]></code></pre>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>X509 CA Certificate Requests</h3>
+ </header>
+ <div class="content none">
+ <p>
+ In this example, we've decided to use the
+ <a href="mod/mod_cert.html">mod_cert</a> module to return CA certificates
+ that are currently in use by the backend modules in response to a browser
+ request.
+ </p>
+ <p>
+ Other choices are available as documented in the list of
+ <a href="modules.html#front">frontend modules</a>.
+ </p>
+<pre><code><![CDATA[<IfModule !cert_module>
+ LoadModule cert_module /usr/lib64/httpd/modules/mod_cert.so
+</IfModule>
+
+<Location /test/simple/ca.der>
+ Require all granted
+ SetHandler cert-ca
+</Location>]]></code></pre>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>PKCS7 CA Certificate Requests</h3>
+ </header>
+ <div class="content none">
+ <p>
+ In this example, we've decided to use the
+ <a href="mod/mod_pkcs7.html">mod_pkcs7</a> module to return CA certificates
+ that are currently in use by the backend modules as DER or PEM encoded PKCS7
+ responses in response to a browser request.
+ </p>
+ <p>
+ Other choices are available as documented in the list of
+ <a href="modules.html#front">frontend modules</a>.
+ </p>
+<pre><code><![CDATA[<Location /test/simple/ca.p7b>
+ Require all granted
+ SetHandler pkcs7-ca
+</Location>]]></code></pre>
+ </div>
+ </section>
+
+ </div>
+ </section>
+
</body>
</html>
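Review bot: The PKCS7 example at the end of the hunk (`<Location /test/simple/ca.p7b>`) is the only one of the six without an `<IfModule !...>` / `LoadModule` guard, so copied on its own it sets `SetHandler pkcs7-ca` with nothing shown that loads mod_pkcs7; add the same guard the other sections carry. In the same pass: the PKCS12 paragraph says "a certificate signed by that key", which reads as if the issued key signs its own certificate, so if the backend CA does the signing, "a certificate for that key" is clearer; "in response to a parameters" appears in both the PKCS12 and SCEP paragraphs and should lose the article; and the section header promises certificate revocation lists, OCSP and time stamp requests, but no subsection in this hunk covers them. Since every issuing `<Location>` uses `Require all granted` and the text says certificates go "to anybody", a sentence stating that these are the interop test settings and where a reader would restrict access would help anyone adapting the examples.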