Update docs to reflect ability to load cold CA certs to output full chains. (#3740)

This commit is contained in:
dmwilcox 2018-01-03 07:59:18 -08:00 committed by Jeff Mitchell
parent 19b4062801
commit 39dd122663
2 changed files with 10 additions and 5 deletions

View file

@ -102,8 +102,8 @@ func ParsePKIJSON(input []byte) (*ParsedCertBundle, error) {
// ParsePEMBundle takes a string of concatenated PEM-format certificate
// and private key values and decodes/parses them, checking validity along
// the way. There must be at max two certificates (a certificate and its
// issuing certificate) and one private key.
// the way. The first certificate must be the subject certificate and issuing
// certificates may follow. There must be at most one private key.
func ParsePEMBundle(pemBundle string) (*ParsedCertBundle, error) {
if len(pemBundle) == 0 {
return nil, errutil.UserError{"empty pem bundle"}

View file

@ -175,9 +175,14 @@ $ curl \
## Submit CA Information
This endpoint allows submitting the CA information for the backend via a PEM
file containing the CA certificate and its private key, concatenated. Not needed
if you are generating a self-signed root certificate, and not used if you have a
signed intermediate CA certificate with a generated key (use the
file containing the CA certificate and its private key, concatenated.
May optionally append additional CA certificates. Useful when creating an
intermediate CA to ensure a full chain is returned when signing or generating
certificates.
Not needed if you are generating a self-signed root certificate, and not used
if you have a signed intermediate CA certificate with a generated key (use the
`/pki/intermediate/set-signed` endpoint for that). _If you have already set a
certificate and key, they will be overridden._