You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

103 lines
3.2 KiB

5 years ago
3 years ago
  1. .\" Copyright (c) 2019-2020 Rodolphe Bréard <rodolphe@breard.tf>
  2. .\"
  3. .\" Copying and distribution of this file, with or without modification,
  4. .\" are permitted in any medium without royalty provided the copyright
  5. .\" notice and this notice are preserved. This file is offered as-is,
  6. .\" without any warranty.
  7. .Dd May 8, 2022
  8. .Dt TACD 8
  9. .Os
  10. .Sh NAME
  11. .Nm tacd
  12. .Nd TLS-ALPN Challenge Daemon
  13. .Sh SYNOPSIS
  14. .Nm
  15. .Op Fl e|--acme-ext Ar STRING
  16. .Op Fl -acme-ext-file Ar FILE
  17. .Op Fl -crt-digest Ar STRING
  18. .Op Fl -crt-signature-alg Ar STRING
  19. .Op Fl d|--domain Ar STRING
  20. .Op Fl -domain-file Ar STRING
  21. .Op Fl f|--foreground
  22. .Op Fl h|--help
  23. .Op Fl l|--listen Ar host:port
  24. .Op Fl -log-stderr
  25. .Op Fl -log-syslog
  26. .Op Fl -log-level Ar LEVEL
  27. .Op Fl -no-pid-file
  28. .Op Fl -pid-file Ar FILE
  29. .Op Fl V|--version
  30. .Sh DESCRIPTION
  31. .Nm
  32. is a server that will listen to incoming Transport Layer Security
  33. .Pq TLS
  34. connections and, if the
  35. .Em acme-tls/1
  36. protocol has been declared during the Application-Layer Protocol Negotiation
  37. .Pq ALPN ,
  38. present a self-signed certificate in order to attempt to solve the TLS-ALPN-01 challenge. It then drops the connection.
  39. .Pp
  40. In order to generate the self-signed certificate, it is required to specify both the
  41. .Em domain name
  42. to validate and the
  43. .Em acmeIdentifier extension .
  44. If one of those values is not specified using the available options, it is read from the standard input. When reading from the standard input, a new line character is expected at the end. In the case both values needs to be read from the standard input, the
  45. .Em domain name
  46. is read first, then the
  47. .Em acmeIdentifier extension .
  48. .Pp
  49. The options are as follows:
  50. .Bl -tag
  51. .It Fl e, -acme-ext Ar STRING
  52. The acmeIdentifier extension to set in the self-signed certificate.
  53. .It Fl -acme-ext-file Ar FILE
  54. File from which is read the acmeIdentifier extension to set in the self-signed certificate.
  55. .It Fl -crt-digest Ar STRING
  56. Set the certificate's digest algorithm. Possible values are:
  57. .Bl -dash -compact
  58. .It
  59. sha256
  60. .It
  61. sha384
  62. .It
  63. sha512
  64. .El
  65. .It Fl -crt-signature-alg Ar STRING
  66. Set the certificate's signature algorithm. Possible values depends on the cryptographic library support and can be listed using the
  67. .Em --help
  68. flag.
  69. .It Fl d, -domain Ar STRING
  70. The domain that is being validated.
  71. .It Fl -domain-file Ar STRING
  72. File from which is read the domain that is being validated.
  73. .It Fl f, -foreground
  74. Runs in the foreground.
  75. .It Fl h, -help
  76. Prints help information.
  77. .It Fl i, -listen Ar host:port | unix:path
  78. Specifies the host and port combination or the unix socket to listen on.
  79. .It Fl -log-stderr
  80. Prints log messages to the standard error output.
  81. .It Fl -log-syslog
  82. Sends log messages via syslog.
  83. .It Fl -log-level Ar LEVEL
  84. Specify the log level. Possible values: error, warn, info, debug and trace.
  85. .It Fl -no-pid-file
  86. Do not create any PID file
  87. .It Fl -pid-file Ar FILE
  88. Specifies the location of the PID file.
  89. .It Fl V, -version
  90. Prints version information.
  91. .El
  92. .Sh SEE ALSO
  93. .Xr acmed.toml 5
  94. .Sh STANDARDS
  95. .Rs
  96. .%A R.B. Shoemaker
  97. .%D February 2020
  98. .%R RFC 8737
  99. .%T Automated Certificate Management Environment (ACME) TLS Application-Layer Protocol Negotiation (ALPN) Challenge Extension
  100. .Re
  101. .Sh AUTHORS
  102. .An Rodolphe Bréard
  103. .Aq rodolphe@breard.tf