aboutsummaryrefslogtreecommitdiffstats
path: root/lacme.8.md
diff options
context:
space:
mode:
Diffstat (limited to 'lacme.8.md')
-rw-r--r--lacme.8.md33
1 files changed, 20 insertions, 13 deletions
diff --git a/lacme.8.md b/lacme.8.md
index 76cdd0d..00a62a2 100644
--- a/lacme.8.md
+++ b/lacme.8.md
@@ -368,6 +368,18 @@ Valid options are:
Default: the value of the CLI option `--min-days`, or `21` if there
is no such option.
+*subject*
+
+: Subject field of the Certificate Signing Request, in the form
+ `/type0=value0/type1=value1/type2=…`. This option is required.
+
+*subjectAltName*
+
+: Comma-separated list of Subject Alternative Names, in the form
+ `type0:value1,type1:value1,type2:…`
+ The only `type` currently supported is `DNS`, to specify an
+ alternative domain name.
+
*CAfile*
: Path to the bundle of trusted issuer certificates. This is used for
@@ -384,21 +396,15 @@ Valid options are:
: Comma-separated list of Key Usages, for instance `digitalSignature,
keyEncipherment`, to include in the Certificate Signing Request.
- See [`x509v3_config`(5ssl)] for a list of possible values.
- See x509v3_config(5ssl) for a list of possible values. Note that
- the ACME might override the value provided here.
-
-*subject*
+ See [`x509v3_config`(5ssl)] for a list of possible values. Note
+ that the ACME server might override the value provided here.
-: Subject field of the Certificate Signing Request, in the form
- `/type0=value0/type1=value1/type2=…`. This option is required.
+*tlsfeature*
-*subjectAltName*
-
-: Comma-separated list of Subject Alternative Names, in the form
- `type0:value1,type1:value1,type2:…`
- The only `type` currently supported is `DNS`, to specify an
- alternative domain name.
+: Comma-separated list of [TLS extension][TLS Feature extension]
+ identifiers, such as `status_request` for OCSP Must-Staple.
+ See [`x509v3_config`(5ssl)] for a list of possible values. Note
+ that the ACME server might override the value provided here.
*chown*
@@ -429,6 +435,7 @@ See also
[`lacme-accountd`(1)]
[ACME]: https://tools.ietf.org/html/rfc8555
+[TLS Feature extension]: https://tools.ietf.org/html/rfc7633
[`lacme-accountd`(1)]: lacme-accountd.1.html
[`iptables`(8)]: https://linux.die.net/man/8/iptables
[`ciphers`(1ssl)]: https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-05 01:40:45 +0000