Based on configuration of the backend modules, the CA certificate or the next CA certificate is returned as a DER or PEM encoded X509 certificate as per RFC5280.
Certificate Module
Return the CA certificate or next CA certificate as a response.
Return the CA certificate or next CA certificate as a response.
Based on configuration of the backend modules, the CA certificate or the next CA certificate is returned as a DER or PEM encoded X509 certificate as per RFC5280.
The
mod_cert
module is a
frontend module
and will not do anything useful until
mod_cert
has been combined with one or
more
backend modules
listed below. The
mod_cert
module uses the following hooks to get the CA certificate and next CA certificate, and suitable
backend modules
must be configured to implement each hook as needed.
All frontend modules run within a standard Apache httpd request, and standard httpd functionality applies in all cases.
This hook returns CA certificates for the given CA.
| mod_ca_engine | Returns CA certificates that would sign certificate sign requests by an HSM such as a smartcard. |
| mod_ca_simple | Returns CA certificates that would sign certificate sign requests by a certificate and key specified on disk. |
This hook returns certificates that were requested previously and generated at a possibly later date or time.
| mod_ca_engine | Returns the upcoming next CA certificates that would sign certificate sign requests by an HSM such as a smartcard. |
| mod_ca_simple | Returns the upcoming next CA certificates that would sign certificate sign requests by a certificate and key specified on disk. |
The simplest case: return the CA certificate and the next CA certificate to anybody who wants it.
# return these certificates
CASimpleCertificate /etc/pki/tls/ca-cert.pem
CASimpleNextCertificate /etc/pki/tls/ca-cert-next.pem
# frontend configuration:
SetHandler cert-ca
SetHandler cert-nextca
]]>The following parameters to the SetHandler directive are supported.
After calling the getca hook return the CA certificate as a DER or PEM encoded X509 certificate.
After calling the getnextca hook return the next CA certificate as a DEM or PEN encoded X509 certificate.
| Description | The max-age of the certificate will be divided by this factor. |
| Syntax |
Cert
|
| Default |
Cert
|
| Context | server config, virtual host, directory, .htaccess |
| Status | Frontend |
| Module | mod_cert |
| Compatibility | Introduced in mod_cert 0.2.0 and works with Apache HTTP Server 2.4.0 and later |
The age of the certificate will be divided by this factor when added as a max-age, set to zero to disable. Defaults to "2". An optional maximum value can be specified, defaults to one day.
| Description | Set the URL location of the WADL returned by the OPTIONS method. |
| Syntax |
Cert
|
| Default |
Cert
|
| Context | server config, virtual host, directory, .htaccess |
| Status | Frontend |
| Module | mod_cert |
| Compatibility | Introduced in mod_cert 0.2.0 and works with Apache HTTP Server 2.4.0 and later |
Set the URL location of the WADL returned by the OPTIONS method.
| Description | Set to the default encoding to be returned if not specified. |
| Syntax |
Cert
|
| Default |
Cert
|
| Context | server config, virtual host, directory, .htaccess |
| Status | Frontend |
| Module | mod_cert |
| Compatibility | Introduced in mod_cert 0.2.0 and works with Apache HTTP Server 2.4.0 and later |
Set the default encoding to be returned if not specified. Must be one of "pem", "x-pem" or "der".