Diffstat (limited to 'doc')
-rw-r--r-- doc/management-notes.txt | 22
-rw-r--r-- doc/openvpn.8 | 9
2 files changed, 31 insertions, 0 deletions
diff --git a/doc/management-notes.txt b/doc/management-notes.txt index ef39b85..0265d55 100644 --- a/doc/management-notes.txt +++ b/doc/management-notes.txt @@ -777,6 +777,28 @@ correct signature. This capability is intended to allow the use of arbitrary cryptographic service providers with OpenVPN via the management interface. +COMMAND -- certificate (OpenVPN 2.4 or higher) +---------------------------------------------- +Provides support for external storage of the certificate. Requires the +--management-external-cert option. This option can be used instead of "cert" +in client mode. On SSL protocol initialization a notification will be sent +to the management interface with a hint as follows: + +>NEED-CERTIFICATE:macosx-keychain:subject:o=OpenVPN-TEST + +The management interface client should use the hint to obtain the specific +SSL certificate and then return base64 encoded certificate as follows: + +certificate +[BASE64_CERT_LINE] +. +. +. +END + +This capability is intended to allow the use of certificates +stored outside of the filesystem (e.g. in Mac OS X Keychain) +with OpenVPN via the management interface. OUTPUT FORMAT ------------- diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 9551566..8b3e1a2 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -2591,6 +2591,15 @@ Allows usage for external private key file instead of option (client-only). .\"********************************************************* .TP +.B \-\-management-external-cert certificate-hint +Allows usage for external certificate instead of +.B \-\-cert +option (client-only). +.B certificate-hint +is an arbitrary string which is passed to a management +interface client as an argument of NEED-CERTIFICATE notification. +.\"********************************************************* +.TP .B \-\-management-forget-disconnect Make OpenVPN forget passwords when management session disconnects. |
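Review bot: The reply format in the new "COMMAND -- certificate" section of doc/management-notes.txt is underspecified. "return base64 encoded certificate" followed by "[BASE64_CERT_LINE]" lines does not say what is being encoded (for example base64 of the DER certificate, as in a PEM body) or whether the PEM header and footer lines are expected before "END". It also documents no way for the management client to answer a ">NEED-CERTIFICATE:" notification when it cannot find a certificate matching the hint, so a client author cannot tell how a failed lookup should be reported. Please add a sentence stating the exact encoding and one describing the failure case. Separately, in "This option can be used instead of "cert" in client mode" it would be clearer to name --management-external-cert again rather than "This option", since the sentence sits under a command heading.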
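Review bot: The new --management-external-cert entry in doc/openvpn.8 explains that certificate-hint is passed with the NEED-CERTIFICATE notification but never says how the certificate comes back. A reader of the man page alone would not know that the management client has to answer with the "certificate" command described in doc/management-notes.txt. Please add a pointer to that section, and state the version requirement here as well, since the management notes heading says "OpenVPN 2.4 or higher" and the man page entry does not. The phrase "Allows usage for external certificate instead of" would also read better as "Allows use of an external certificate instead of the --cert option".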