diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/server/plugins/generators/sslca.txt | 63 |
1 files changed, 56 insertions, 7 deletions
diff --git a/doc/server/plugins/generators/sslca.txt b/doc/server/plugins/generators/sslca.txt index 2b07f91fe..85659982e 100644 --- a/doc/server/plugins/generators/sslca.txt +++ b/doc/server/plugins/generators/sslca.txt @@ -146,9 +146,15 @@ cert.xml ``cert.xml`` is an XML document describing an SSL certificate generated from an SSL key that has also been generated by SSLCA. It -contains a top-level ``CertInfo`` tag that contains a single ``Cert`` -tag. (``Group`` and ``Client`` tags are not currently supported in -``cert.xml``.) The ``Cert`` tag may take the following attributes: +honors ``Group`` and ``Client`` tags much like Bundler. It must have +a top-level ``CertInfo`` tag and can contain two types of tags: + +Cert +~~~~ + +The ``Cert`` tag explains how the certificate should be generated. +There should be at least one ``Cert`` tag, and at most one ``Cert`` +tag should apply to any given client. +--------------+------------------------------------------+---------+---------+ | Attribute | Description | Values | Default | @@ -188,13 +194,42 @@ tag. (``Group`` and ``Client`` tags are not currently supported in | | the format required by Nginx) | | | +--------------+------------------------------------------+---------+---------+ +SubjectAltName +~~~~~~~~~~~~~~ + +The ``SubjectAltName`` tag contains text giving a subject alternative +name for the certificate. Any number of ``SubjectAltName`` tags may +be used. + +Example +~~~~~~~ + +.. code-block: xml + + <CertInfo> + <SubjectAltName>test.example.com</SubjectAltName> + <Group name="apache"> + <Cert key="/etc/pki/tls/private/foo.key" days="730"/> + </Group> + <Group name="nginx"> + <Cert key="/etc/pki/tls/private/foo.key" days="730" + append_chain="true"/> + </Group> + </CertInfo> + key.xml ------- -``key.xml`` is an XML document describing an SSL key. It contains a -top-level ``KeyInfo`` tag that contains a single ``Key`` tag. -(``Group`` and ``Client`` tags are not currently supported in -``key.xml``.) The ``Key`` tag may take the following attributes: +``key.xml`` is an XML document describing an SSL key. It also honors +``Group`` and ``Client`` tags. It contains a top-level ``KeyInfo`` +tag that contains at least one ``Key`` tag. + +Key +~~~ + +The ``Cert`` tag explains how the certificate should be generated. +There should be at least one ``Cert`` tag, and at most one ``Cert`` +tag should apply to any given client. +--------------+------------------------------------------+---------+---------+ | Attribute | Description | Values | Default | @@ -204,6 +239,20 @@ top-level ``KeyInfo`` tag that contains a single ``Key`` tag. | bits | The key length | Integer | 2048 | +--------------+------------------------------------------+---------+---------+ +Example +~~~~~~~ + +.. code-block: xml + + <KeyInfo> + <Group name="fast"> + <Key type="rsa" bits="1024"/> + </Group> + <Group name="secure"> + <Key type="rsa" bits="4096"/> + </Group> + </KeyInfo> + Automated Bcfg2 SSL Authentication ================================== |