summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChris St. Pierre <chris.a.st.pierre@gmail.com>2012-11-06 09:50:41 -0500
committerChris St. Pierre <chris.a.st.pierre@gmail.com>2012-11-06 09:54:53 -0500
commitd311282ac118130ba792d68805c35f98b97a1602 (patch)
tree5b82860bc6a0e9af54d31f4f741fb6560339e2d1
parent82aded9a3878b2aa34f66e4fd8955b883bf9bc10 (diff)
downloadbcfg2-d311282ac118130ba792d68805c35f98b97a1602.tar.gz
bcfg2-d311282ac118130ba792d68805c35f98b97a1602.tar.bz2
bcfg2-d311282ac118130ba792d68805c35f98b97a1602.zip
improved SSLCA cert.xml/key.xml docs
-rw-r--r--doc/server/plugins/generators/sslca.txt70
1 files changed, 68 insertions, 2 deletions
diff --git a/doc/server/plugins/generators/sslca.txt b/doc/server/plugins/generators/sslca.txt
index 4c1845406..2b07f91fe 100644
--- a/doc/server/plugins/generators/sslca.txt
+++ b/doc/server/plugins/generators/sslca.txt
@@ -113,6 +113,9 @@ that CA must contain full (not relative) paths.
Configuration
=============
+bcfg2.conf
+----------
+
``bcfg2.conf`` contains miscellaneous configuration options for the
SSLCA plugin. These are described in some detail above in
`getting-started`, but are also enumerated here as a reference. Any
@@ -138,6 +141,69 @@ Each directive below should appear at most once in each
Only ``config`` is required.
+cert.xml
+--------
+
+``cert.xml`` is an XML document describing an SSL certificate
+generated from an SSL key that has also been generated by SSLCA. It
+contains a top-level ``CertInfo`` tag that contains a single ``Cert``
+tag. (``Group`` and ``Client`` tags are not currently supported in
+``cert.xml``.) The ``Cert`` tag may take the following attributes:
+
++--------------+------------------------------------------+---------+---------+
+| Attribute | Description | Values | Default |
++==============+==========================================+=========+=========+
+| key | The full path to the key to use for this | String | None |
+| | certificate. This is the only required | | |
+| | attribute. | | |
++--------------+------------------------------------------+---------+---------+
+| format | The format of cert to produce. Currently | 'pem' | 'pem' |
+| | only pem certificates are supported. | | |
++--------------+------------------------------------------+---------+---------+
+| ca | The name of the CA (from ``bcfg2.conf``) | String | default |
+| | to use to generate this certificate. | | |
++--------------+------------------------------------------+---------+---------+
+| days | Time (in days) the certificate should be | Integer | 365 |
+| | valid for | | |
++--------------+------------------------------------------+---------+---------+
+| c | Override the country set in the CA | String | None |
+| | config | | |
++--------------+------------------------------------------+---------+---------+
+| l | Override the location set in the CA | String | None |
+| | config | | |
++--------------+------------------------------------------+---------+---------+
+| st | Override the state set in the CA config | String | None |
++--------------+------------------------------------------+---------+---------+
+| ou | Override the organizational unit set in | String | None |
+| | the CA config | | |
++--------------+------------------------------------------+---------+---------+
+| o | Override the organization set in the CA | String | None |
+| | config | | |
++--------------+------------------------------------------+---------+---------+
+| emailaddress | Override the email address set in the CA | String | None |
+| | config | | |
++--------------+------------------------------------------+---------+---------+
+| append_chain | Append the CA chain certificate to the | Boolean | False |
+| | certificate (e.g., to produce a cert in | | |
+| | the format required by Nginx) | | |
++--------------+------------------------------------------+---------+---------+
+
+key.xml
+-------
+
+``key.xml`` is an XML document describing an SSL key. It contains a
+top-level ``KeyInfo`` tag that contains a single ``Key`` tag.
+(``Group`` and ``Client`` tags are not currently supported in
+``key.xml``.) The ``Key`` tag may take the following attributes:
+
++--------------+------------------------------------------+---------+---------+
+| Attribute | Description | Values | Default |
++==============+==========================================+=========+=========+
+| type | The key type | rsa|dsa | 'rsa' |
++--------------+------------------------------------------+---------+---------+
+| bits | The key length | Integer | 2048 |
++--------------+------------------------------------------+---------+---------+
+
Automated Bcfg2 SSL Authentication
==================================
@@ -192,7 +258,7 @@ paths should be adjusted to suite your preferences.
mv bcfg2ca.key /etc/pki/CA/private/
mv bcfg2ca.crt /etc/pki/CA/certs/
-Your self-signing CA is now ready to use.
+Your self-signing CA is now ready to use.
Bcfg2
-----
@@ -227,7 +293,7 @@ example:
<Path name='/etc/pki/tls/bcfg2client.crt'/>
<Path name='/etc/pki/tls/private/bcfg2client.key'/>
-Here's a more complete example bcfg2-client bundle:
+Here's a more complete example bcfg2-client bundle:
.. code-block:: xml