doc(client_auth): Add multiple trusted_ca directive notes

- Update the example as well
Daniel Santos 2020-06-08 17:27:07 -06:00
parent b77b67b914
commit 932b1912ff
No known key found for this signature in database
GPG key ID: A229BF2C70CA3B94


@ -88,6 +88,9 @@ client_auth {
- **trusted_ca_cert_file** is a base64 DER-encoded CA certificate file against which to validate client certificates. Client certificates which are not signed by any of these CAs will be rejected. - **trusted_ca_cert_file** is a base64 DER-encoded CA certificate file against which to validate client certificates. Client certificates which are not signed by any of these CAs will be rejected.
- **trusted_leaf_cert** is a base64 DER-encoded client leaf certificate to accept. Client certificates which are not signed by any of these CAs will be rejected. - **trusted_leaf_cert** is a base64 DER-encoded client leaf certificate to accept. Client certificates which are not signed by any of these CAs will be rejected.
- **trusted_leaf_cert_file** is a base64 DER-encoded CA certificate file against which to validate client certificates. Client certificates which are not signed by any of these CAs will be rejected. - **trusted_leaf_cert_file** is a base64 DER-encoded CA certificate file against which to validate client certificates. Client certificates which are not signed by any of these CAs will be rejected.
Multiple `trusted_*` directives may be specified as a way to chain multiple CA or leaf certificates.
- **mode** is the mode for authenticating the client. Allowed values are: - **mode** is the mode for authenticating the client. Allowed values are:
| Mode | Description | | Mode | Description |
|--------------------|------------------------------------------------------------------------------------------| |--------------------|------------------------------------------------------------------------------------------|
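Review bot: The added sentence "Multiple `trusted_*` directives may be specified as a way to chain multiple CA or leaf certificates." uses "chain" loosely; repeating `trusted_ca_cert_file` or `trusted_leaf_cert` does not build a certificate chain, it widens the set of trust anchors (or pinned leaves) any one of which is enough for a client certificate to be accepted, so "to trust multiple CA or leaf certificates" would be more accurate. Also, because the line is inserted unindented between two `- **...**` bullets, it will render either as a stray paragraph that splits the list or as a continuation of the `trusted_leaf_cert_file` item; indent it under that item or move it below the list. While here, the context lines show `trusted_leaf_cert` and `trusted_leaf_cert_file` carrying the copy-pasted "Client certificates which are not signed by any of these CAs will be rejected." text and `trusted_leaf_cert_file` described as a "CA certificate file"; this change is a good opportunity to fix both descriptions to say a leaf certificate is accepted only if it matches one of the listed leaf certificates.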
@ -134,13 +137,14 @@ tls {
} }
``` ```
Enable TLS Client Authentication and require clients to present a valid certificate that is verified against the provided `trusted_ca_cert_file` Enable TLS Client Authentication and require clients to present a valid certificate that is verified against all the provided CA's via `trusted_ca_cert_file`
```caddy-d ```caddy-d
tls { tls {
client_auth { client_auth {
mode require_and_verify mode require_and_verify
trusted_ca_cert_file ../caddy.ca.cer trusted_ca_cert_file ../caddy.ca.cer
trusted_ca_cert_file ../root.ca.cer
} }
} }
``` ```
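Review bot: The rewritten intro sentence "verified against all the provided CA's via `trusted_ca_cert_file`" has a stray apostrophe ("CAs") and is ambiguous about semantics: a client certificate is not verified against all CAs, it is accepted if it chains to any one of them. Suggest: "verified against any of the CAs provided via multiple `trusted_ca_cert_file` directives", which also ties the prose to the second `trusted_ca_cert_file ../root.ca.cer` line the example now shows. Consider adding a one-line comment in the example noting that both `../caddy.ca.cer` and `../root.ca.cer` are relative paths resolved from Caddy's working directory, since readers copying the snippet often trip on that.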