ctlogconfig.html.en revision 0237f43ab925775250e266e479d0a337ff374a4b
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-->
<title>ctlogconfig - Certificate Transparency log configuration tool - Apache HTTP Server</title>
<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" />
</script>
<body id="manual-page"><div id="page-header">
<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>
<p class="apache">Apache HTTP Server Version 2.5</p>
<div id="path">
<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.5</a> > <a href="./">Programs</a></div><div id="page-content"><div id="preamble"><h1>ctlogconfig - Certificate Transparency log configuration tool</h1>
<div class="toplang">
<p><span>Available Languages: </span><a href="/en/programs/ctlogconfig.html" title="English"> en </a></p>
</div>
<p><code>ctlogconfig</code> is a tool for maintaining a log configuration
database, for use with <code class="module"><a href="/mod/mod_ssl_ct.html">mod_ssl_ct</a></code>.</p>
<p>Refer to the <a href="#examples">examples below</a> for typical use.</p>
</div>
<div id="quickview"><ul id="toc"><li><img alt="" src="/images/down.gif" /> <a href="#synopsis">Synopsis</a></li>
</ul><h3>See also</h3><ul class="seealso"><li><code class="module"><a href="/mod/mod_ssl_ct.html">mod_ssl_ct</a></code></li></ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="section">
<h2><a name="synopsis" id="synopsis">Synopsis</a></h2>
<p><code>
<strong>ctlogconfig</strong> <strong>db-path</strong> <strong>dump</strong>
</code></p>
<p><code>
<strong>ctlogconfig</strong> <strong>db-path</strong> <strong>configure-public-key</strong>
[ <em>log-id</em>|<em>record-id</em> ]
</code></p>
<p><code>
<strong>ctlogconfig</strong> <strong>db-path</strong> <strong>configure-url</strong>
[ <em>log-id</em>|<em>record-id</em> ]
<em>log-URL</em>
</code></p>
<p><code>
<strong>ctlogconfig</strong> <strong>db-path</strong> <strong>valid-time-range</strong>
<em>log-id</em>|<em>record-id</em>
<em>min-timestamp</em> <em>max-timestamp</em>
</code></p>
<p><code>
<strong>ctlogconfig</strong> <strong>db-path</strong> <strong>trust</strong>
<em>log-id</em>|<em>record-id</em>
</code></p>
<p><code>
<strong>ctlogconfig</strong> <strong>db-path</strong> <strong>distrust</strong>
<em>log-id</em>|<em>record-id</em>
</code></p>
<p><code>
<strong>ctlogconfig</strong> <strong>db-path</strong> <strong>forget</strong>
<em>log-id</em>|<em>record-id</em>
</code></p>
<div class="section">
<h2><a name="subcommands" id="subcommands">Sub-commands</a></h2>
<dl>
<dt>dump</dt>
<dd>Display configuration database contents. The record id shown in
the output of this sub-command can be used to identify the affected
record in other sub-commands.</dd>
<dt>configure-public-key</dt>
<dd>Add a log's public key to the database or set the public key for an
existing entry. The log's public key is needed to validate the signature
of SCTs received by a proxy from a backend server.</dd>
<dt>configure-url</dt>
<dd>Add a log's URL to the database or set the URL for an existing entry.
The log's URL is used when submitting server certificates to logs in
order to obtain SCTs to send to clients.</dd>
<dt>valid-time-range</dt>
SCTs from the log with timestamps outside of the valid range will not be
accepted. Use <code>-</code> for a time that is not being configured.</dd>
<dt>trust</dt>
<dd>Mark a log as trusted, which is the default setting. This sub-command
is used to reverse a <em>distrust</em> setting.</dd>
<dt>distrust</dt>
<dd>Mark a log as distrusted.</dd>
<dt>forget</dt>
<dd>Remove information about a log from the database.</dd>
</dl>
<div class="section">
<h2><a name="examples" id="examples">Examples</a></h2>
<p>Consider an Apache httpd instance which serves as a TLS server and a proxy.
The TLS server needs to obtain SCTs from a couple of known logs in order to
pass those to clients, and the proxy needs to be able to validate the signature
of SCTs received from backend servers.</p>
<p>First we'll configure the URLs for logs where server certificates are logged:</p>
<div class="example"><p><code>
Log entry:<br />
Record 1<br />
Log id : (not configured)<br />
Public key file: (not configured)<br />
URL : http://log1.example.com/<br />
Time range : -INF to +INF<br />
<br />
Log entry:<br />
Record 2<br />
Log id : (not configured)<br />
Public key file: (not configured)<br />
URL : http://log2.example.com/<br />
Time range : -INF to +INF<br />
</code></p></div>
<p>Next we'll set the public key of a log where the certificate of our only
backend server is published. In this case it is the log with URL
http://log2.example.com/ which has already been configured.</p>
<div class="example"><p><code>
Log entry:<br />
Record 1<br />
Log id : (not configured)<br />
Public key file: (not configured)<br />
URL : http://log1.example.com/<br />
Time range : -INF to +INF<br />
<br />
Log entry:<br />
Record 2<br />
Log id : (not configured)<br />
URL : http://log2.example.com/<br />
Time range : -INF to +INF<br />
</code></p></div>
</div></div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="/en/programs/ctlogconfig.html" title="English"> en </a></p>
</div><div class="top"><a href="#page-header"><img src="/images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
var comments_shortname = 'httpd';
var comments_identifier = 'http://httpd.apache.org/docs/trunk/programs/ctlogconfig.html';
(function(w, d) {
if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
d.write('<div id="comments_thread"><\/div>');
var s = d.createElement('script');
s.type = 'text/javascript';
s.async = true;
s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
(d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
}
else {
d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
}
})(window, document);
//--><!]]></script></div><div id="footer">
<p class="apache">Copyright 2014 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
if (typeof(prettyPrint) !== 'undefined') {
prettyPrint();
}
//--><!]]></script>
</body></html>