.\" Copyright (c) 2019-2020 Rodolphe Bréard <rodolphe@breard.tf>
.\"
.\" Copying and distribution of this file, with or without modification,
.\" are permitted in any medium without royalty provided the copyright
.\" notice and this notice are preserved. This file is offered as-is,
.\" without any warranty.
.Dd June 12, 2020
.Dt TACD 8
.Os
.Sh NAME
.Nm tacd
.Nd TLS-ALPN Challenge Daemon
.Sh SYNOPSIS
.Nm
.Op Fl e|--acme-ext Ar STRING
.Op Fl -acme-ext-file Ar FILE
.Op Fl d|--domain Ar STRING
.Op Fl -domain-file Ar STRING
.Op Fl f|--foreground
.Op Fl h|--help
.Op Fl l|--listen Ar host:port
.Op Fl -log-stderr
.Op Fl -log-syslog
.Op Fl -log-level Ar LEVEL
.Op Fl -pid-file Ar FILE
.Op Fl V|--version
.Sh DESCRIPTION
.Nm
is a server that listens for incoming Transport Layer Security
.Pq TLS
connections and, if the
.Em acme-tls/1
protocol has been declared during the Application-Layer Protocol Negotiation
.Pq ALPN ,
presents a self-signed certificate in order to attempt to solve the TLS-ALPN-01 challenge. It then drops the connection.
.Pp
In order to generate the self-signed certificate, it is required to specify both the
.Em domain name
to validate and the
.Em acmeIdentifier extension .
If one of those values is not specified using the available options, it is read from the standard input. When reading from the standard input, a new line character is expected at the end. If both values need to be read from the standard input, the
.Em domain name
is read first, then the
.Em acmeIdentifier extension .
.Pp
The options are as follows:
.Bl -tag
.It Fl e, -acme-ext Ar STRING
The acmeIdentifier extension to set in the self-signed certificate.
.It Fl -acme-ext-file Ar FILE
File from which the acmeIdentifier extension to set in the self-signed certificate is read.
.It Fl d, -domain Ar STRING
The domain that is being validated.
.It Fl -domain-file Ar STRING
File from which the domain that is being validated is read.
.It Fl f, -foreground
Runs in the foreground.
.It Fl h, -help
Prints help information.
.It Fl l, -listen Ar host:port | unix:path
Specifies the host and port combination or the unix socket to listen on.
.It Fl -log-stderr
Prints log messages to the standard error output.
.It Fl -log-syslog
Sends log messages via syslog.
.It Fl -log-level Ar LEVEL
Specifies the log level. Possible values: error, warn, info, debug and trace.
.It Fl -pid-file Ar FILE
Specifies the location of the PID file.
.It Fl V, -version
Prints version information.
.El
.Sh SEE ALSO
.Xr acmed.toml 5
.Sh STANDARDS
.Rs
.%A R.B. Shoemaker
.%D February 2020
.%R RFC 8737
.%T Automated Certificate Management Environment (ACME) TLS Application-Layer Protocol Negotiation (ALPN) Challenge Extension
.Re
.Sh AUTHORS
.An Rodolphe Bréard
.Aq rodolphe@breard.tf