author Guilhem Moulin <guilhem@fripost.org> 2021-02-14 23:46:40 +0100
committer Guilhem Moulin <guilhem@fripost.org> 2021-02-15 01:31:29 +0100
commit f62a66c6ce82d9a1af241dc3952250362e601d45
tree 454cbfef10eab4063ac8234fc808b426eab94b65 /lacme.8.md
parent 5dcb74302029ffcfd076f9ab10329e2196f17f85
Add support for TLS Feature extension from RFC 7633.
This is mostly useful for OCSP Must-Staple.
Diffstat (limited to 'lacme.8.md')
-rw-r--r-- lacme.8.md 33
1 files changed, 20 insertions, 13 deletions
diff --git a/lacme.8.md b/lacme.8.md
index 76cdd0d..00a62a2 100644
--- a/lacme.8.md
+++ b/lacme.8.md
@@ -368,6 +368,18 @@ Valid options are:
Default: the value of the CLI option `--min-days`, or `21` if there
is no such option.
+*subject*
+
+: Subject field of the Certificate Signing Request, in the form
+ `/type0=value0/type1=value1/type2=…`. This option is required.
+
+*subjectAltName*
+
+: Comma-separated list of Subject Alternative Names, in the form
+ `type0:value1,type1:value1,type2:…`
+ The only `type` currently supported is `DNS`, to specify an
+ alternative domain name.
+
*CAfile*
: Path to the bundle of trusted issuer certificates. This is used for
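Review bot: The format string in the *subjectAltName* entry pairs `type0` with `value1` (`type0:value1,type1:value1,type2:…`), which is inconsistent with the `type0=value0` pattern used for *subject* a few lines above. Since the block is being moved in this change anyway, this is a good moment to correct it to `type0:value0,type1:value1,type2:…`.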
@@ -384,21 +396,15 @@ Valid options are:
: Comma-separated list of Key Usages, for instance `digitalSignature,
keyEncipherment`, to include in the Certificate Signing Request.
- See [`x509v3_config`(5ssl)] for a list of possible values.
- See x509v3_config(5ssl) for a list of possible values. Note that
- the ACME might override the value provided here.
-
-*subject*
+ See [`x509v3_config`(5ssl)] for a list of possible values. Note
+ that the ACME server might override the value provided here.
-: Subject field of the Certificate Signing Request, in the form
- `/type0=value0/type1=value1/type2=…`. This option is required.
+*tlsfeature*
-*subjectAltName*
-
-: Comma-separated list of Subject Alternative Names, in the form
- `type0:value1,type1:value1,type2:…`
- The only `type` currently supported is `DNS`, to specify an
- alternative domain name.
+: Comma-separated list of [TLS extension][TLS Feature extension]
+ identifiers, such as `status_request` for OCSP Must-Staple.
+ See [`x509v3_config`(5ssl)] for a list of possible values. Note
+ that the ACME server might override the value provided here.
*chown*
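Review bot: The new *tlsfeature* entry does not say what happens when the option is left unset, whereas the option documented just before *subject* carries an explicit `Default:` line; please state the default here too. The rendered link text is "TLS extension" while the reference label and the commit subject both say "TLS Feature extension"; using the full name in the text avoids confusion with ordinary TLS handshake extensions. Since `status_request` is singled out as the OCSP Must-Staple case, one sentence on what that implies for the server presenting the certificate would also help readers decide whether to set it.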
@@ -429,6 +435,7 @@ See also
[`lacme-accountd`(1)]
[ACME]: https://tools.ietf.org/html/rfc8555
+[TLS Feature extension]: https://tools.ietf.org/html/rfc7633
[`lacme-accountd`(1)]: lacme-accountd.1.html
[`iptables`(8)]: https://linux.die.net/man/8/iptables
[`ciphers`(1ssl)]: https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html