.\" Copyright (c) 2019-2020 Rodolphe Bréard <rodolphe@breard.tf>
.\"
.\" Copying and distribution of this file, with or without modification,
.\" are permitted in any medium without royalty provided the copyright
.\" notice and this notice are preserved. This file is offered as-is,
.\" without any warranty.
.Dd September 26, 2020
.Dt TACD 8
.Os
.Sh NAME
.Nm tacd
.Nd TLS-ALPN Challenge Daemon
.Sh SYNOPSIS
.Nm
.Op Fl e|--acme-ext Ar STRING
.Op Fl -acme-ext-file Ar FILE
.Op Fl -crt-digest Ar STRING
.Op Fl -crt-signature-alg Ar STRING
.Op Fl d|--domain Ar STRING
.Op Fl -domain-file Ar STRING
.Op Fl f|--foreground
.Op Fl h|--help
.Op Fl l|--listen Ar host:port
.Op Fl -log-stderr
.Op Fl -log-syslog
.Op Fl -log-level Ar LEVEL
.Op Fl -pid-file Ar FILE
.Op Fl V|--version
.Sh DESCRIPTION
.Nm
is a server that listens for incoming Transport Layer Security
.Pq TLS
connections and, if the
.Em acme-tls/1
protocol has been declared during the Application-Layer Protocol Negotiation
.Pq ALPN ,
presents a self-signed certificate in order to attempt to solve the TLS-ALPN-01 challenge. It then drops the connection.
.Pp
In order to generate the self-signed certificate, it is required to specify both the
.Em domain name
to validate and the
.Em acmeIdentifier extension .
If one of those values is not specified using the available options, it is read from the standard input. When reading from the standard input, a newline character is expected at the end. If both values need to be read from the standard input, the
.Em domain name
is read first, then the
.Em acmeIdentifier extension .
.Pp
The options are as follows:
.Bl -tag
.It Fl e, -acme-ext Ar STRING
The acmeIdentifier extension to set in the self-signed certificate.
.It Fl -acme-ext-file Ar FILE
File from which the acmeIdentifier extension to set in the self-signed certificate is read.
.It Fl -crt-digest Ar STRING
Set the certificate's digest algorithm. Possible values are:
.Bl -dash -compact
.It
sha256
.It
sha384
.It
sha512
.El
.It Fl -crt-signature-alg Ar STRING
Set the certificate's signature algorithm. Possible values depend on the cryptographic library's support and can be listed using the
.Em --help
flag.
.It Fl d, -domain Ar STRING
The domain that is being validated.
.It Fl -domain-file Ar STRING
File from which the domain that is being validated is read.
.It Fl f, -foreground
Runs in the foreground.
.It Fl h, -help
Prints help information.
.It Fl l, -listen Ar host:port | unix:path
Specifies the host and port combination or the unix socket to listen on.
.It Fl -log-stderr
Prints log messages to the standard error output.
.It Fl -log-syslog
Sends log messages via syslog.
.It Fl -log-level Ar LEVEL
Specify the log level. Possible values: error, warn, info, debug and trace.
.It Fl -pid-file Ar FILE
Specifies the location of the PID file.
.It Fl V, -version
Prints version information.
.El
.Sh SEE ALSO
.Xr acmed.toml 5
.Sh STANDARDS
.Rs
.%A R.B. Shoemaker
.%D February 2020
.%R RFC 8737
.%T Automated Certificate Management Environment (ACME) TLS Application-Layer Protocol Negotiation (ALPN) Challenge Extension
.Re
.Sh AUTHORS
.An Rodolphe Bréard
.Aq rodolphe@breard.tf
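
The acmeIdentifier extension named in the DESCRIPTION is defined by RFC 8737 as a critical extension (OID 1.3.6.1.5.5.7.1.31) whose value is a DER OCTET STRING holding the SHA-256 digest of the challenge's key authorization. The following is an added example, not code from tacd or its author, showing how that value is built and how a validator would check it; the token and thumbprint are constructed sample values, and the byte layout shown is the RFC's encoding, not necessarily the string format tacd expects for --acme-ext.

```python
import hashlib
import hmac

ACME_IDENTIFIER_OID = "1.3.6.1.5.5.7.1.31"  # id-pe-acmeIdentifier (RFC 8737)


def key_authorization(token: str, thumbprint: str) -> str:
    """RFC 8555 key authorization: token, a dot, the account key's JWK thumbprint."""
    return f"{token}.{thumbprint}"


def acme_identifier_value(key_auth: str) -> bytes:
    """DER OCTET STRING (tag 0x04, length 0x20) wrapping SHA-256(key authorization)."""
    digest = hashlib.sha256(key_auth.encode("ascii")).digest()
    return b"\x04\x20" + digest


def verify_acme_identifier(ext_value: bytes, critical: bool, key_auth: str) -> bool:
    """Check a presented extension: it must be critical, well-formed and match."""
    if not critical:
        return False  # RFC 8737 requires the extension to be marked critical
    if len(ext_value) != 34 or ext_value[:2] != b"\x04\x20":
        return False  # truncated, padded or not a 32-byte OCTET STRING
    # Constant-time comparison of the presented bytes against the expected ones.
    return hmac.compare_digest(ext_value, acme_identifier_value(key_auth))


# Constructed sample values, not taken from any real ACME order.
SAMPLE_TOKEN = "constructed-token-0001"
SAMPLE_THUMBPRINT = "constructed-thumbprint-AAAA"

if __name__ == "__main__":
    ka = key_authorization(SAMPLE_TOKEN, SAMPLE_THUMBPRINT)
    value = acme_identifier_value(ka)
    print(ACME_IDENTIFIER_OID, value.hex(":"))
    print(verify_acme_identifier(value, True, ka))
```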