From 932b1912ff766c1d960dd521e555a144d6141510 Mon Sep 17 00:00:00 2001 From: Daniel Santos Date: Mon, 8 Jun 2020 17:27:07 -0600 Subject: [PATCH] doc(client_auth): Add multiple trusted_ca directive notes - Update the example as well --- src/docs/markdown/caddyfile/directives/tls.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/docs/markdown/caddyfile/directives/tls.md b/src/docs/markdown/caddyfile/directives/tls.md index b1de3f8..e5439e2 100644 --- a/src/docs/markdown/caddyfile/directives/tls.md +++ b/src/docs/markdown/caddyfile/directives/tls.md @@ -88,6 +88,9 @@ client_auth { - **trusted_ca_cert_file** is a base64 DER-encoded CA certificate file against which to validate client certificates. Client certificates which are not signed by any of these CAs will be rejected. - **trusted_leaf_cert** is a base64 DER-encoded client leaf certificate to accept. Client certificates which are not signed by any of these CAs will be rejected. - **trusted_leaf_cert_file** is a base64 DER-encoded CA certificate file against which to validate client certificates. Client certificates which are not signed by any of these CAs will be rejected. + + Multiple `trusted_*` directives may be specified as a way to chain multiple CA or leaf certificates. + - **mode** is the mode for authenticating the client. Allowed values are: | Mode | Description | |--------------------|------------------------------------------------------------------------------------------| @@ -134,13 +137,14 @@ tls { } ``` -Enable TLS Client Authentication and require clients to present a valid certificate that is verified against the provided `trusted_ca_cert_file` +Enable TLS Client Authentication and require clients to present a valid certificate that is verified against all the provided CA's via `trusted_ca_cert_file` ```caddy-d tls { client_auth { mode require_and_verify trusted_ca_cert_file ../caddy.ca.cer + trusted_ca_cert_file ../root.ca.cer } } ```
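Review bot: In the first hunk (tls.md @@ -88,6 +88,9 @@), "chain multiple CA or leaf certificates" describes the wrong trust model: adding a second `trusted_ca_cert_file` or `trusted_leaf_cert` does not build a chain, it widens the set of accepted issuers, and a client certificate is accepted when it validates against any one of them. Please reword to something like "Multiple `trusted_*` directives may be specified to accept client certificates from more than one CA or more than one leaf certificate; a certificate is accepted if it matches any of them." so operators understand that every added CA is a full trust anchor. The new paragraph is also inserted unindented between list items, which will split the bulleted list in rendered markdown; indent it under the preceding item or move it after the list.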
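Review bot: In the second hunk (tls.md @@ -134,13 +137,14 @@), "verified against all the provided CA's" reads as if the client certificate must validate against every configured CA, whereas with two `trusted_ca_cert_file` entries a certificate signed by either `../caddy.ca.cer` or `../root.ca.cer` is accepted; say "verified against any of the provided CAs via `trusted_ca_cert_file`" so the example text matches the behaviour the example configures. Also drop the apostrophe in "CA's" (plural, not possessive) and end the sentence with a period.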