author James Yonan <james@openvpn.net> 2011-04-25 04:58:34 +0000
committer David Sommerseth <dazo@users.sourceforge.net> 2011-04-26 22:29:12 +0200
commit 7966d75a9d41453a56e41eaae7b0fd64f75f7ec3 (patch)
tree 97e65f4bb5d010a61a1fbb99d7253ac5350550fb /openvpn.8
parent d5497262ae1d1a7cf50a45b5ab6750f63bf8565d (diff)
Added new "extra-certs" and "verify-hash" options (see man page for
details).

Increase the timeout after SIGUSR1 restart when restart is not due to server_poll_timeout.

Version 2.1.3v

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7215 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'openvpn.8')
-rw-r--r-- openvpn.8 27
1 files changed, 27 insertions, 0 deletions
diff --git a/openvpn.8 b/openvpn.8
index 1953b16..85889de 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -3887,6 +3887,22 @@ that for certificate authority functions, you must set up the files
).
.\"*********************************************************
.TP
+.B --extra-certs file
+Specify a
+.B file
+containing one or more PEM certs (concatenated together)
+that complete the
+local certificate chain.
+
+This option is useful for "split" CAs, where the CA for server
+certs is different than the CA for client certs. Putting certs
+in this file allows them to be used to complete the local
+certificate chain without trusting them to verify the peer-submitted
+certificate, as would be the case if the certs were placed in the
+.B ca
+file.
+.\"*********************************************************
+.TP
.B --key file
Local peer's private key in .pem format. Use the private key which was generated
when you built your peer's certificate (see
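Review bot: In the new --extra-certs entry, the first paragraph says the file completes "the local certificate chain" but never says which certificate that chain starts from or whether the order of the concatenated PEM certs matters. Suggest naming the local certificate option the chain belongs to and stating the expected order, since a reader setting up a split CA needs both. Wording nits in the second paragraph: "different than the CA for client certs" reads better as "different from", and the entry abbreviates to "certs" throughout while the neighbouring --key entry writes "certificate" in full.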
@@ -3903,6 +3919,17 @@ and
.B --key.
.\"*********************************************************
.TP
+.B --verify-hash hash
+Specify SHA1 fingerprint for level-1 cert. The level-1 cert is the
+CA (or intermediate cert) that signs the leaf certificate, and is
+one removed from the leaf certificate in the direction of the root.
+When accepting a connection from a peer, the level-1 cert
+fingerprint must match
+.B hash
+or certificate verification will fail. Hash is specified
+as XX:XX:... For example: AD:B0:95:D8:09:C8:36:45:12:A9:89:C8:90:09:CB:13:72:A6:AD:16
+.\"*********************************************************
+.TP
.B --pkcs11-cert-private [0|1]...
Set if access to certificate object should be performed after login.
Every provider has its own setting.
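Review bot: The --verify-hash entry does not say whether the fingerprint match is an extra condition on top of normal chain verification or a check on its own; "or certificate verification will fail" suggests the former, and for a pinning option that should be stated outright. The text also leaves open what happens when the peer presents no level-1 cert (for example a self-signed leaf) and whether the hex digits are case-sensitive. "Hash is specified as XX:XX:..." could give the length (the example shows 20 colon-separated bytes), and the example would be easier to copy if it sat on its own line. Since the digest is fixed to SHA1, it is worth saying so in the first sentence in a way that leaves room for another digest later.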