Skip to content
Sections
>> Trisquel >> 软件包 >> etiona >> utils >> lacme
etiona  ] [  nabia  ] [  aramo  ]
[ 源代码: lacme  ]

软件包: lacme (0.4-1)

ACME client written with process isolation and minimal privileges in mind

lacme is divided into four components, each with its own executable:

 * A process to manage the account key and issue SHA-256 signatures needed for
   each ACME command.  (This process binds to a UNIX-domain socket to reply to
   signature requests from the ACME client.)  One can use the UNIX-domain
   socket forwarding facility of OpenSSH 6.7 and later to run this process on
   a different host.

 * A "master" process, which runs as root and is the only component
   with access to the private key material of the server keys.  It is used to
   fork the ACME client (and optionally the ACME webserver) after dropping
   root privileges.  For certificate issuances, it also generates Certificate
   Signing Requests, then verifies the validity of the issued certificate, and
   optionally reloads or restarts services.

 * An actual ACME client, which builds ACME commands and dialogues with
   the remote ACME server.  Since ACME commands need to be signed with the
   account key, the "master" process passes the UNIX-domain socket of the
   account key manager to the ACME client: data signatures are requested by
   writing the data to be signed to the socket.

 * For certificate issuances, an optional webserver, which is spawned
   by the "master" process when no service is listening on the HTTP port.
   (The only challenge type currently supported is "http-01", which requires a
   webserver to answer challenges.)  That webserver only processes GET and
   HEAD requests under the "/.well-known/acme-challenge/" URI.  By default
   some iptables(8) rules are automatically installed to open the HTTP port,
   and removed afterwards.

其他与 lacme 有关的软件包

  • 依赖
  • 推荐
  • 建议
  • dep: libconfig-tiny-perl
    Read/Write .ini style files with as little code as possible
  • dep: libjson-perl
    module for manipulating JSON-formatted data
  • dep: libnet-ssleay-perl
    Perl module for Secure Sockets Layer (SSL)
  • dep: libwww-perl
    simple and consistent interface to the world-wide web
  • dep: openssl
    Secure Sockets Layer toolkit - cryptographic utility
  • dep: perl
    Larry Wall's Practical Extraction and Report Language

下载 lacme

下载可用于所有硬件架构的
硬件架构 软件包大小 安装后大小 文件
all 26.6 kB92 kB [文件列表]