diff options
Diffstat (limited to 'modules/caddypki')
| -rw-r--r-- | modules/caddypki/acmeserver/acmeserver.go | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/caddypki/acmeserver/acmeserver.go b/modules/caddypki/acmeserver/acmeserver.go index d5e5559..f5c013b 100644 --- a/modules/caddypki/acmeserver/acmeserver.go +++ b/modules/caddypki/acmeserver/acmeserver.go @@ -66,6 +66,13 @@ type Handler struct { // on this property long-term; check release notes. PathPrefix string `json:"path_prefix,omitempty"` + // If true, the CA's root will be the issuer instead of + // the intermediate. This is NOT recommended and should + // only be used when devices/clients do not properly + // validate certificate chains. EXPERIMENTAL: Might be + // changed or removed in the future. + SignWithRoot bool `json:"sign_with_root,omitempty"` + acmeEndpoints http.Handler logger *zap.Logger } @@ -109,6 +116,7 @@ func (ash *Handler) Provision(ctx caddy.Context) error { } authorityConfig := caddypki.AuthorityConfig{ + SignWithRoot: ash.SignWithRoot, AuthConfig: &authority.AuthConfig{ Provisioners: provisioner.List{ &provisioner.ACME{ |