From 5c5edfa9b3a2f3baad06802269e7acd1d3e77566 Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Tue, 13 Aug 2013 08:21:25 -0400 Subject: Rewrote SSLCA as Cfg handler. This adds encryption support to SSL key creation (much like SSH private keys), and the ability to generate keys and certs that are specific to groups, instead of just to hosts. It also moves the SSLCA data (the XML files describing keys and certs as well as the keys and certs themselves) into the Cfg tree, rather than off in their own separate place. tools/upgrade/1.4/migrate_sslca.py can be used to migrate to the new format. This also adds XMLCfgCreator, a CfgCreator that makes it easier to create data based on XML descriptions of it (which is exactly what the SSH key and SSL CA creators do), including built-in support for host- and group-specific data, encryption, and so on. --- doc/man/bcfg2.conf.txt | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) (limited to 'doc/man/bcfg2.conf.txt') diff --git a/doc/man/bcfg2.conf.txt b/doc/man/bcfg2.conf.txt index 24bcb5142..f5612e08f 100644 --- a/doc/man/bcfg2.conf.txt +++ b/doc/man/bcfg2.conf.txt @@ -107,7 +107,6 @@ plugins SEModules ServiceCompat SSHbase - SSLCA Svn TemplateHelper Trigger @@ -364,12 +363,6 @@ The SSHbase generator plugin manages ssh host keys (both v1 and v2) for hosts. It also manages the ssh_known_hosts file. It can integrate host keys from other management domains and similarly export its keys. -SSLCA Plugin -++++++++++++ - -The SSLCA plugin is designed to handle creation of SSL privatekeys and -certificates on request. - Svn Plugin ++++++++++ @@ -610,11 +603,12 @@ the configuration file. running in paranoid mode. Only the most recent versions of these copies will be kept. -SSLCA options -------------- +SSL CA options +-------------- -These options are necessary to configure the SSLCA plugin and can be -found in the **[sslca_default]** section of the configuration file. +These options are necessary to configure the SSL CA feature of the Cfg +plugin and can be found in the **[sslca_default]** section of the +configuration file. config Specifies the location of the openssl configuration file for -- cgit v1.2.3-1-g7c22