Diffstat (limited to 'rpkid/doc/rootd')
-rw-r--r-- rpkid/doc/rootd 103
1 files changed, 57 insertions, 46 deletions
diff --git a/rpkid/doc/rootd b/rpkid/doc/rootd
index 4998b699..9dce309f 100644
--- a/rpkid/doc/rootd
+++ b/rpkid/doc/rootd
@@ -1,66 +1,77 @@
-rootd
- rootd is a stripped down implmenetation of (only) the server side of
- the up-down protocol.
- It's a separate program because the root certificate of an RPKI
- certificate tree requires special handling and may also require a
- special handling policy. rootd is a simple implementation intended for
- test use, it's not suitable for use in a production system. All
- configuration comes via the config file.
+****** rootd ******
- The default config file is rootd.conf, start rootd with "-c filename"
- to choose a different config file. All options are in the section
- "[rootd]". Certificates, keys, and trust anchors may be in either DER
- or PEM format.
+rootd is a stripped down implmenetation of (only) the server side of the up-
+down protocol.
- Config file options:
+It's a separate program because the root certificate of an RPKI certificate
+tree requires special handling and may also require a special handling policy.
+rootd is a simple implementation intended for test use, it's not suitable for
+use in a production system. All configuration comes via the config file.
- * bpki-ta: Name of file containing BPKI trust anchor. All BPKI
- certificate validation in rootd traces back to this trust anchor.
+The default config file is rootd.conf, start rootd with "-c filename" to choose
+a different config file. All options are in the section "[rootd]".
+Certificates, keys, and trust anchors may be in either DER or PEM format.
- * rootd-bpki-cert: Name of file containing rootd's own BPKI
- certificate.
+Config file options:
- * rootd-bpki-key: Name of file containing RSA key corresponding to
- rootd-bpki-cert.
- * rootd-bpki-crl: Name of file containing BPKI CRL that would cover
- rootd-bpki-cert had it been revoked.
+* bpki-ta: Name of file containing BPKI trust anchor. All BPKI certificate
+ validation in rootd traces back to this trust anchor.
- * child-bpki-cert: Name of file containing BPKI certificate for
- rootd's one and only child (RPKI engine to which rootd issues an
- RPKI certificate).
- * server-host: Hostname or IP address on which to listen for HTTPS
- connections. Default is localhost.
+* rootd-bpki-cert: Name of file containing rootd's own BPKI certificate.
- * server-port: TCP port on which to listen for HTTPS connections.
- * rpki-root-key: Name of file containing RSA key to use in signing
- resource certificates.
+* rootd-bpki-key: Name of file containing RSA key corresponding to rootd-bpki-
+ cert.
- * rpki-root-cert: Name of file containing self-signed root resource
- certificate corresponding to rpki-root-key.
- * rpki-root-dir: Name of directory where rootd should write RPKI
- subject certificate, manifest, and CRL.
+* rootd-bpki-crl: Name of file containing BPKI CRL that would cover rootd-bpki-
+ cert had it been revoked.
- * rpki-subject-cert: Name of file that rootd should use to save the
- one and only certificate it issues. Default is "Subroot.cer".
- * rpki-root-crl: Name of file to which rootd should save its RPKI
- CRL. Default is "Root.crl".
+* child-bpki-cert: Name of file containing BPKI certificate for rootd's one and
+ only child (RPKI engine to which rootd issues an RPKI certificate).
+
+
+* server-host: Hostname or IP address on which to listen for HTTPS connections.
+ Default is localhost.
+
+
+* server-port: TCP port on which to listen for HTTPS connections.
+
+
+* rpki-root-key: Name of file containing RSA key to use in signing resource
+ certificates.
+
+
+* rpki-root-cert: Name of file containing self-signed root resource certificate
+ corresponding to rpki-root-key.
+
+
+* rpki-root-dir: Name of directory where rootd should write RPKI subject
+ certificate, manifest, and CRL.
+
+
+* rpki-subject-cert: Name of file that rootd should use to save the one and
+ only certificate it issues. Default is "Subroot.cer".
+
+
+* rpki-root-crl: Name of file to which rootd should save its RPKI CRL. Default
+ is "Root.crl".
+
+
+* rpki-root-manifest: Name of file to which rootd should save its RPKI
+ manifest. Default is "Root.mnf".
+
+
+* rpki-subject-pkcs10: Name of file that rootd should use when saving a copy of
+ the received PKCS #10 request for a resource certificate. This is only used
+ for debugging. Default is not to save the PKCS #10 request.
+
- * rpki-root-manifest: Name of file to which rootd should save its
- RPKI manifest. Default is "Root.mnf".
- * rpki-subject-pkcs10: Name of file that rootd should use when saving
- a copy of the received PKCS #10 request for a resource certificate.
- This is only used for debugging. Default is not to save the PKCS
- #10 request.
- __________________________________________________________________
- Generated on Fri Apr 16 00:33:45 2010 for RPKI Engine by doxygen
- 1.6.3
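Review bot: The re-wrapped bullets for rootd-bpki-key and rootd-bpki-crl break the option name rootd-bpki-cert at its hyphen ("rootd-bpki-" at the end of one line, "cert" on the next), so the key an operator has to type or grep for no longer appears intact in the document; the same wrap splits "up-down" in the first paragraph. Please regenerate with hyphen breaking disabled, or re-wrap those lines by hand so each option name stays on one line. While this text is being touched, "implmenetation" in the first sentence is carried over unchanged from the old version and should read "implementation". The server-port entry still states no default while server-host does, so say either what the default is or that the option is required. Since rpki-root-key and rootd-bpki-key name private key files, a sentence on the expected file ownership and permissions would also help anyone setting this up, even for test use. Finally, the list spacing is inconsistent: single blank lines between the first bullets, double blank lines from child-bpki-cert onward.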