path: root/rpkid/doc/rootd
rootd

   rootd is a stripped-down implementation of (only) the server side of
   the up-down protocol.

   It's a separate program because the root certificate of an RPKI
   certificate tree requires special handling and may also require a
   special handling policy. rootd is a simple implementation intended for
   test use; it is not suitable for use in a production system. All
   configuration comes via the config file.

   The default config file is rootd.conf; start rootd with "-c filename"
   to choose a different config file. All options are in the section
   "[rootd]". Certificates, keys, and trust anchors may be in either DER
   or PEM format.

   Config file options:

     * bpki-ta: Name of file containing BPKI trust anchor. All BPKI
       certificate validation in rootd traces back to this trust anchor.

     * rootd-bpki-cert: Name of file containing rootd's own BPKI
       certificate.

     * rootd-bpki-key: Name of file containing RSA key corresponding to
       rootd-bpki-cert.

     * rootd-bpki-crl: Name of file containing BPKI CRL that would cover
       rootd-bpki-cert had it been revoked.

     * child-bpki-cert: Name of file containing BPKI certificate for
       rootd's one and only child (RPKI engine to which rootd issues an
       RPKI certificate).

     * server-host: Hostname or IP address on which to listen for HTTPS
       connections. Default is localhost.

     * server-port: TCP port on which to listen for HTTPS connections.

     * rpki-root-key: Name of file containing RSA key to use in signing
       resource certificates.

     * rpki-root-cert: Name of file containing self-signed root resource
       certificate corresponding to rpki-root-key.

     * rpki-root-dir: Name of directory where rootd should write RPKI
       subject certificate, manifest, and CRL.

     * rpki-subject-cert: Name of file that rootd should use to save the
       one and only certificate it issues. Default is "Subroot.cer".

     * rpki-root-crl: Name of file to which rootd should save its RPKI
       CRL. Default is "Root.crl".

     * rpki-root-manifest: Name of file to which rootd should save its
       RPKI manifest. Default is "Root.mnf".

     * rpki-subject-pkcs10: Name of file that rootd should use when saving
       a copy of the received PKCS #10 request for a resource certificate.
       This is only used for debugging. Default is not to save the PKCS
       #10 request.
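
   A pre-flight check for a rootd.conf, given here as an added example
   (it is not part of rootd or of this documentation's project code). It
   assumes the file parses as INI with Python's configparser and that
   every option without a documented default is required; the function
   names, the sample file, and its paths and port are constructed.

```python
import configparser, os, stat

# Option names and defaults are the ones documented above. Assumption of this
# example: every option without a documented default is required.
DEFAULTS = {"server-host": "localhost", "rpki-subject-cert": "Subroot.cer",
            "rpki-root-crl": "Root.crl", "rpki-root-manifest": "Root.mnf",
            "rpki-subject-pkcs10": None}  # None: PKCS #10 request not saved
REQUIRED = ["bpki-ta", "rootd-bpki-cert", "rootd-bpki-key", "rootd-bpki-crl",
            "child-bpki-cert", "server-port", "rpki-root-key",
            "rpki-root-cert", "rpki-root-dir"]
KEY_OPTIONS = ["rootd-bpki-key", "rpki-root-key"]

# Constructed sample: rootd-bpki-crl is absent, rpki-root-manifest is misspelled.
SAMPLE = """[rootd]
bpki-ta = bpki/ta.cer
rootd-bpki-cert = bpki/rootd.cer
rootd-bpki-key = bpki/rootd.key
child-bpki-cert = bpki/child.cer
server-port = 4401
rpki-root-key = root.key
rpki-root-cert = root.cer
rpki-root-dir = publication
rpki-root-manfest = Root.mnf
"""

def sniff_format(data):
    """Classify leading bytes of a certificate or key file as PEM or DER."""
    if data.lstrip().startswith(b"-----BEGIN "):
        return "PEM"
    return "DER" if data[:1] == b"\x30" else "unknown"  # 0x30: ASN.1 SEQUENCE

def check_rootd_conf(text, base_dir="."):
    """Return (settings with defaults applied, list of problems)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("rootd"):
        return {}, ["missing [rootd] section"]
    given = dict(cp.items("rootd"))
    problems = ["unknown option: " + k
                for k in sorted(set(given) - set(REQUIRED) - set(DEFAULTS))]
    problems += ["missing option: " + k for k in REQUIRED if k not in given]
    for opt in (o for o in KEY_OPTIONS if o in given):
        path = os.path.join(base_dir, given[opt])
        if os.path.isfile(path):  # key files that do not exist yet are skipped
            if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                problems.append(opt + ": key file accessible to group/other")
            with open(path, "rb") as f:
                if sniff_format(f.read(64)) == "unknown":
                    problems.append(opt + ": neither PEM nor DER")
    return {**DEFAULTS, **given}, problems
```

   The misspelled option matters because the documented default
   ("Root.mnf") is applied for the intended option without any error,
   so the typo goes unnoticed unless unknown names are reported.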
     __________________________________________________________________


    Generated on Fri Apr 16 00:33:45 2010 for RPKI Engine by  doxygen
    1.6.3