Add ADCS Plugin Configuration to Docs
Add configuration options based on https://github.com/Netflix/lemur/pull/2255#issue-240136873
This commit is contained in:
parent
41c781318c
commit
66bff57c04
|
@ -593,8 +593,60 @@ If you are not using a metric provider you do not need to configure any of these
|
|||
Plugin Specific Options
|
||||
-----------------------
|
||||
|
||||
Active Directory Certificate Services Plugin
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
|
||||
.. data:: ADCS_SERVER
|
||||
:noindex:
|
||||
|
||||
FQDN of your ADCS Server
|
||||
|
||||
|
||||
.. data:: ADCS_AUTH_METHOD
|
||||
:noindex:
|
||||
|
||||
The chosen authentication method. Either ‘basic’ (the default), ‘ntlm’ or ‘cert’ (SSL client certificate). The next 2 variables are interpreted differently for different methods.
|
||||
|
||||
|
||||
.. data:: ADCS_USER
|
||||
:noindex:
|
||||
|
||||
The username (basic) or the path to the public cert (cert) of the user accessing PKI
|
||||
|
||||
|
||||
.. data:: ADCS_PWD
|
||||
:noindex:
|
||||
|
||||
The passwd (basic) or the path to the private key (cert) of the user accessing PKI
|
||||
|
||||
|
||||
.. data:: ADCS_TEMPLATE
|
||||
:noindex:
|
||||
|
||||
Template to be used for certificate issuing. Usually display name w/o spaces
|
||||
|
||||
|
||||
.. data:: ADCS_START
|
||||
:noindex:
|
||||
|
||||
.. data:: ADCS_STOP
|
||||
:noindex:
|
||||
|
||||
.. data:: ADCS_ISSUING
|
||||
:noindex:
|
||||
|
||||
Contains the issuing cert of the CA
|
||||
|
||||
|
||||
.. data:: ADCS_ROOT
|
||||
:noindex:
|
||||
|
||||
Contains the root cert of the CA
|
||||
|
||||
|
||||
Verisign Issuer Plugin
|
||||
^^^^^^^^^^^^^^^^^^^^^^
|
||||
~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Authorities will each have their own configuration options. There is currently just one plugin bundled with Lemur,
|
||||
Verisign/Symantec. Additional plugins may define additional options. Refer to the plugin's own documentation
|
||||
|
@ -642,7 +694,7 @@ for those plugins.
|
|||
|
||||
|
||||
Digicert Issuer Plugin
|
||||
^^^^^^^^^^^^^^^^^^^^^^
|
||||
~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
The following configuration properties are required to use the Digicert issuer plugin.
|
||||
|
||||
|
@ -690,7 +742,7 @@ The following configuration properties are required to use the Digicert issuer p
|
|||
|
||||
|
||||
CFSSL Issuer Plugin
|
||||
^^^^^^^^^^^^^^^^^^^
|
||||
~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
The following configuration properties are required to use the CFSSL issuer plugin.
|
||||
|
||||
|
@ -716,7 +768,7 @@ The following configuration properties are required to use the CFSSL issuer plug
|
|||
|
||||
|
||||
Hashicorp Vault Source/Destination Plugin
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Lemur can import and export certificate data to and from a Hashicorp Vault secrets store. Lemur can connect to a different Vault service per source/destination.
|
||||
|
||||
|
@ -738,7 +790,7 @@ Vault Destination supports a regex filter to prevent certificates with SAN that
|
|||
|
||||
|
||||
AWS Source/Destination Plugin
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
In order for Lemur to manage its own account and other accounts we must ensure it has the correct AWS permissions.
|
||||
|
||||
|
@ -1086,18 +1138,6 @@ progress and the API is not frozen.
|
|||
|
||||
Lemur includes several plugins by default. Including extensive support for AWS, VeriSign/Symantec.
|
||||
|
||||
Active Directory Certificate Services
|
||||
--------
|
||||
|
||||
:Authors:
|
||||
sirferl
|
||||
:Type:
|
||||
Issuer
|
||||
:Description:
|
||||
Enables the creation of certificates by ADCS (Active Directory Certificate Services)
|
||||
:Links:
|
||||
https://github.com/sirferl/lemur
|
||||
|
||||
Verisign/Symantec
|
||||
-----------------
|
||||
|
||||
|
|
Loading…
Reference in New Issue