author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2012-11-06 09:50:41 -0500 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2012-11-06 09:54:53 -0500 |
commit | d311282ac118130ba792d68805c35f98b97a1602 (patch) | |
tree | 5b82860bc6a0e9af54d31f4f741fb6560339e2d1 | |
parent | 82aded9a3878b2aa34f66e4fd8955b883bf9bc10 (diff) | |
download | bcfg2-d311282ac118130ba792d68805c35f98b97a1602.tar.gz bcfg2-d311282ac118130ba792d68805c35f98b97a1602.tar.bz2 bcfg2-d311282ac118130ba792d68805c35f98b97a1602.zip |
improved SSLCA cert.xml/key.xml docs
-rw-r--r-- | doc/server/plugins/generators/sslca.txt | 70 |
1 files changed, 68 insertions, 2 deletions
diff --git a/doc/server/plugins/generators/sslca.txt b/doc/server/plugins/generators/sslca.txt index 4c1845406..2b07f91fe 100644 --- a/doc/server/plugins/generators/sslca.txt +++ b/doc/server/plugins/generators/sslca.txt @@ -113,6 +113,9 @@ that CA must contain full (not relative) paths. Configuration ============= +bcfg2.conf +---------- + ``bcfg2.conf`` contains miscellaneous configuration options for the SSLCA plugin. These are described in some detail above in `getting-started`, but are also enumerated here as a reference. Any 
@@ -138,6 +141,69 @@ Each directive below should appear at most once in each Only ``config`` is required. +cert.xml +-------- + +``cert.xml`` is an XML document describing an SSL certificate +generated from an SSL key that has also been generated by SSLCA. It +contains a top-level ``CertInfo`` tag that contains a single ``Cert`` +tag. (``Group`` and ``Client`` tags are not currently supported in +``cert.xml``.) The ``Cert`` tag may take the following attributes: + ++--------------+------------------------------------------+---------+---------+ +| Attribute | Description | Values | Default | ++==============+==========================================+=========+=========+ +| key | The full path to the key to use for this | String | None | +| | certificate. This is the only required | | | +| | attribute. | | | ++--------------+------------------------------------------+---------+---------+ +| format | The format of cert to produce. Currently | 'pem' | 'pem' | +| | only pem certificates are supported. | | | ++--------------+------------------------------------------+---------+---------+ +| ca | The name of the CA (from ``bcfg2.conf``) | String | default | +| | to use to generate this certificate. 
| | | ++--------------+------------------------------------------+---------+---------+ +| days | Time (in days) the certificate should be | Integer | 365 | +| | valid for | | | ++--------------+------------------------------------------+---------+---------+ +| c | Override the country set in the CA | String | None | +| | config | | | ++--------------+------------------------------------------+---------+---------+ +| l | Override the location set in the CA | String | None | +| | config | | | ++--------------+------------------------------------------+---------+---------+ +| st | Override the state set in the CA config | String | None | ++--------------+------------------------------------------+---------+---------+ +| ou | Override the organizational unit set in | String | None | +| | the CA config | | | ++--------------+------------------------------------------+---------+---------+ +| o | Override the organization set in the CA | String | None | +| | config | | | ++--------------+------------------------------------------+---------+---------+ +| emailaddress | Override the email address set in the CA | String | None | +| | config | | | ++--------------+------------------------------------------+---------+---------+ +| append_chain | Append the CA chain certificate to the | Boolean | False | +| | certificate (e.g., to produce a cert in | | | +| | the format required by Nginx) | | | ++--------------+------------------------------------------+---------+---------+ + +key.xml +------- + +``key.xml`` is an XML document describing an SSL key. It contains a +top-level ``KeyInfo`` tag that contains a single ``Key`` tag. +(``Group`` and ``Client`` tags are not currently supported in +``key.xml``.) 
The ``Key`` tag may take the following attributes: + ++--------------+------------------------------------------+---------+---------+ +| Attribute | Description | Values | Default | ++==============+==========================================+=========+=========+ +| type | The key type | rsa|dsa | 'rsa' | ++--------------+------------------------------------------+---------+---------+ +| bits | The key length | Integer | 2048 | ++--------------+------------------------------------------+---------+---------+ + Automated Bcfg2 SSL Authentication ================================== @@ -192,7 +258,7 @@ paths should be adjusted to suite your preferences. mv bcfg2ca.key /etc/pki/CA/private/ mv bcfg2ca.crt /etc/pki/CA/certs/ -Your self-signing CA is now ready to use. +Your self-signing CA is now ready to use. Bcfg2 ----- @@ -227,7 +293,7 @@ example: <Path name='/etc/pki/tls/bcfg2client.crt'/> <Path name='/etc/pki/tls/private/bcfg2client.key'/> -Here's a more complete example bcfg2-client bundle: +Here's a more complete example bcfg2-client bundle: .. code-block:: xml |
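Review bot: In the cert.xml table of the hunk at @@ -138,6 +141,69 @@, the "key" row says "The full path to the key to use for this certificate" without saying whether that is a path on the server's filesystem or the path of the key entry that SSLCA generates, even though the introduction says the key "has also been generated by SSLCA". Please state which is meant, and consider adding a minimal cert.xml and key.xml document after each table so the CertInfo/Cert and KeyInfo/Key nesting is shown rather than only described. As a style point, the Values and Default columns quote inconsistently ('pem' and 'rsa' are quoted, while default and rsa|dsa are not), and the "days" and override rows drop the final period that the "key" and "format" rows carry.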
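Review bot: The hunks at @@ -192,7 +258,7 @@ and @@ -227,7 +293,7 @@ each remove and re-add a line that reads the same ("Your self-signing CA is now ready to use." and "Here's a more complete example bcfg2-client bundle:"), so the change there is whitespace-only. That is unrelated to the cert.xml/key.xml documentation named in the commit message; either mention the whitespace cleanup in the message or move it to its own commit so the documentation change is easier to read in history.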