diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2020-12-09 19:51:56 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2020-12-09 19:53:45 +0100 |
commit | 79edb6eea5e009e5b49876728f7477a8524e98ec (patch) | |
tree | a05cc79dfab02a10a834addf61b4297799d64896 /lacme.8.md | |
parent | e8980fb172221cbffd7fa672d65da0a806524e72 (diff) |
documentation: emphasize default values in the config file.
Also, move the most common options ('hash', 'keyUsage', 'CAfile',
'min-days') to the default section.
Diffstat (limited to 'lacme.8.md')
-rw-r--r-- | lacme.8.md | 14 |
1 files changed, 9 insertions, 5 deletions
@@ -366,18 +366,21 @@ Valid options are: *CAfile* -: Path to trusted issuer certificates, used for validating each issued - certificate. Specifying an empty values skips certificate validation. +: Path to the bundle of trusted issuer certificates. This is used for + validating each certificate after issuance or renewal. Specifying + an empty value skips certificate validation. Default: `@@datadir@@/lacme/ca-certificates.crt`. *hash* -: Message digest algorithm to sign the Certificate Signing Request - with. +: Message digest to sign the Certificate Signing Request with, + overriding the [`req`(1ssl)] default. *keyUsage* -: Comma-separated list of Key Usages, see [`x509v3_config`(5ssl)]. +: Comma-separated list of Key Usages, for instance `digitalSignature, + keyEncipherment`, to include in the Certificate Signing Request. + See [`x509v3_config`(5ssl)] for a list of possible values. *subject* @@ -425,3 +428,4 @@ See also [`ciphers`(1ssl)]: https://www.openssl.org/docs/manmaster/apps/ciphers.html [`x509v3_config`(5ssl)]: https://www.openssl.org/docs/manmaster/apps/x509v3_config.html [`genpkey`(1ssl)]: https://www.openssl.org/docs/manmaster/man1/openssl-genpkey.html +[`req`(1ssl)]: https://www.openssl.org/docs/manmaster/man1/openssl-req.html |