zh/en: add `buildChain` in `CertificateObject` (#547)

pull/548/head
lelemka0 4 months ago committed by GitHub
parent b94eacf6f5
commit d422dde9ab
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -436,6 +436,7 @@ CipherSuites 用于配置受支持的密码套件列表, 每个套件名称之
"ocspStapling": 3600, "ocspStapling": 3600,
"oneTimeLoading": false, "oneTimeLoading": false,
"usage": "encipherment", "usage": "encipherment",
"buildChain": false,
"certificateFile": "/path/to/certificate.crt", "certificateFile": "/path/to/certificate.crt",
"keyFile": "/path/to/key.key", "keyFile": "/path/to/key.key",
"certificate": [ "certificate": [
@ -533,6 +534,14 @@ OCSP 装订更新,与证书热重载的时间间隔。 单位:秒。默认
如已经拥有一个域名, 可以使用工具便捷的获取免费第三方证书,如[acme.sh](https://github.com/acmesh-official/acme.sh) 如已经拥有一个域名, 可以使用工具便捷的获取免费第三方证书,如[acme.sh](https://github.com/acmesh-official/acme.sh)
::: :::
> `buildChain`: true | false
仅当证书用途为 `issue` 时生效,若值为 `true` 签发证书时将CA证书嵌入证书链。
::: tip TIP 1
不应该将根证书嵌入证书链。该选项只适合在签名CA证书为中间证书时启用。
:::
> `certificateFile`: string > `certificateFile`: string
证书文件路径,如使用 OpenSSL 生成,后缀名为 .crt。 证书文件路径,如使用 OpenSSL 生成,后缀名为 .crt。

@ -410,6 +410,7 @@ The bootstrapping path and query params of the spider. It's recommended to have
"ocspStapling": 3600, "ocspStapling": 3600,
"oneTimeLoading": false, "oneTimeLoading": false,
"usage": "encipherment", "usage": "encipherment",
"buildChain": false,
"certificateFile": "/path/to/certificate.crt", "certificateFile": "/path/to/certificate.crt",
"keyFile": "/path/to/key.key", "keyFile": "/path/to/key.key",
"certificate": [ "certificate": [
@ -507,6 +508,14 @@ Use `xray tls cert` to generate self-signed CA certificate.
If you already have a domain name, you can use tools to obtain free third-party certificates easily, such as [acme.sh](https://github.com/acmesh-official/acme.sh). If you already have a domain name, you can use tools to obtain free third-party certificates easily, such as [acme.sh](https://github.com/acmesh-official/acme.sh).
::: :::
> `buildChain`: true | false
Only valid when `usage` is `issue`. When set to `true`, the CA certificate will be appended to leaf certificate as chain during issuing certificates.
::: tip TIP 1
Root certificates should not be embedded in the certificate chain. This option is only applicable when the signing CA certificate is an intermediate certificate.
:::
> `certificateFile`: string > `certificateFile`: string
Path to the certificate file generated by OpenSSL, with the suffix `.crt`. Path to the certificate file generated by OpenSSL, with the suffix `.crt`.

Loading…
Cancel
Save