docs: tls internal subdirectives

Francis Lavoie 2022-03-09 03:56:09 -05:00
parent 7f754b0e13
commit 0edb8ae10a
No known key found for this signature in database
GPG key ID: E73DB3ECE64E7885

@ -177,12 +177,15 @@ Obtains certificates from an internal certificate authority.
```caddy
... internal {
ca <name>
ca <name>
lifetime <duration>
sign_with_root
}
```
- **ca** is the name of the internal CA to use. Default: `local`. See the [PKI app global options](/docs/caddyfile/options#pki-options) to configure alternate CAs.
- **ca** <span id="ca"/> is the name of the internal CA to use. Default: `local`. See the [PKI app global options](/docs/caddyfile/options#pki-options) to configure alternate CAs.
- **lifetime** <span id="lifetime"/> is a [duration value](/docs/conventions#durations) that sets the validity period for interally issued leaf certificates. Default: 12h. It is NOT recommended to not change this, unless absolutely necessary.
- **sign_with_root** <span id="sign_with_root"/> forces the root to be the issuer instead of the intermediate. This is NOT recommended and should only be used when devices/clients do not properly validate certificate chains (very uncommon).
## Examples
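Review bot: The **lifetime** bullet ends with "It is NOT recommended to not change this, unless absolutely necessary", a double negative that reads as advice to move away from the 12h default. It should read "It is NOT recommended to change this, unless absolutely necessary." The same bullet misspells "internally" as "interally", and `12h` should be in backticks to match the `local` default in the **ca** bullet. The syntax block opens with `... internal {`, so it is worth stating in the surrounding text which directive these subdirectives belong to, since the new example further down says the `tls internal` shortcut cannot carry them.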
@ -207,6 +210,16 @@ tls internal {
}
```
Use custom options for the internal CA (cannot use the `tls internal` shortcut):
```caddy-d
tls {
issuer internal {
ca foo
}
}
```
Specify an email address for your ACME account (but if only one email is used for all sites, we recommend the `email` [global option](/docs/caddyfile/options) instead):
```caddy-d
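Review bot: The new example sets `ca foo` but nothing near it says that a CA named `foo` has to be defined first. Add a short sentence after "Use custom options for the internal CA" that links to the [PKI app global options](/docs/caddyfile/options#pki-options), as the **ca** bullet already does. The parenthetical "(cannot use the `tls internal` shortcut)" would also be clearer if it said why, namely that the subdirectives are only accepted inside `issuer internal { ... }`, because the hunk context shows an existing `tls internal {` block just above and readers may try to put `ca` there. Since this commit also documents `lifetime` and `sign_with_root` as not recommended, keeping the example to `ca` alone is the right call.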