Diffstat (limited to 'rpkid/doc/rootd')
-rw-r--r-- | rpkid/doc/rootd | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/rpkid/doc/rootd b/rpkid/doc/rootd deleted file mode 100644 index 3eb396e0..00000000 --- a/rpkid/doc/rootd +++ /dev/null 
@@ -1,56 +0,0 @@ -****** rootd ****** - -rootd is a stripped down implmenetation of (only) the server side of the up- -down protocol. - -It's a separate program because the root certificate of an RPKI certificate -tree requires special handling and may also require a special handling policy. -rootd is a simple implementation intended for test use, it's not suitable for -use in a production system. All configuration comes via the config file. - -The default config file is rootd.conf, start rootd with "-c filename" to choose -a different config file. All options are in the section "[rootd]". -Certificates, keys, and trust anchors may be in either DER or PEM format. - -Config file options: - -* bpki-ta: Name of file containing BPKI trust anchor. All BPKI certificate - validation in rootd traces back to this trust anchor. - -* rootd-bpki-cert: Name of file containing rootd's own BPKI certificate. - -* rootd-bpki-key: Name of file containing RSA key corresponding to rootd-bpki- - cert. - -* rootd-bpki-crl: Name of file containing BPKI CRL that would cover rootd-bpki- - cert had it been revoked. - -* child-bpki-cert: Name of file containing BPKI certificate for rootd's one and - only child (RPKI engine to which rootd issues an RPKI certificate). - -* server-host: Hostname or IP address on which to listen for HTTPS connections. - Default is localhost. - -* server-port: TCP port on which to listen for HTTPS connections. - -* rpki-root-key: Name of file containing RSA key to use in signing resource - certificates. - -* rpki-root-cert: Name of file containing self-signed root resource certificate - corresponding to rpki-root-key. - -* rpki-root-dir: Name of directory where rootd should write RPKI subject - certificate, manifest, and CRL. - -* rpki-subject-cert: Name of file that rootd should use to save the one and - only certificate it issues. Default is "Subroot.cer". - -* rpki-root-crl: Name of file to which rootd should save its RPKI CRL. Default - is "Root.crl". 
- -* rpki-root-manifest: Name of file to which rootd should save its RPKI - manifest. Default is "Root.mnf". - -* rpki-subject-pkcs10: Name of file that rootd should use when saving a copy of - the received PKCS #10 request for a resource certificate. This is only used - for debugging. Default is not to save the PKCS #10 request. |
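Review bot: Removing rpkid/doc/rootd in full drops the statement that rootd is "intended for test use, it's not suitable for use in a production system", and the diff shown here (0 insertions, diffstat limited to this path) carries no replacement for it. The same deletion removes the only reference visible here for the "[rootd]" options, including the ones that name private key files (rootd-bpki-key, rpki-root-key) and the note that rpki-subject-pkcs10 is for debugging only. Please confirm that the test-use caveat and the option descriptions survive in whatever documentation supersedes this file, and point to that location in the commit message so operators reading the history can find it.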