@ -410,6 +410,7 @@ The bootstrapping path and query params of the spider. It's recommended to have
"ocspStapling": 3600,
"ocspStapling": 3600,
"oneTimeLoading": false,
"oneTimeLoading": false,
"usage": "encipherment",
"usage": "encipherment",
"buildChain": false,
"certificateFile": "/path/to/certificate.crt",
"certificateFile": "/path/to/certificate.crt",
"keyFile": "/path/to/key.key",
"keyFile": "/path/to/key.key",
"certificate": [
"certificate": [
@ -507,6 +508,14 @@ Use `xray tls cert` to generate self-signed CA certificate.
If you already have a domain name, you can use tools to obtain free third-party certificates easily, such as [acme.sh](https://github.com/acmesh-official/acme.sh).
If you already have a domain name, you can use tools to obtain free third-party certificates easily, such as [acme.sh](https://github.com/acmesh-official/acme.sh).
:::
:::
> `buildChain`: true | false
Only valid when `usage` is `issue`. When set to `true`, the CA certificate will be appended to leaf certificate as chain during issuing certificates.
::: tip TIP 1
Root certificates should not be embedded in the certificate chain. This option is only applicable when the signing CA certificate is an intermediate certificate.
:::
> `certificateFile`: string
> `certificateFile`: string
Path to the certificate file generated by OpenSSL, with the suffix `.crt`.
Path to the certificate file generated by OpenSSL, with the suffix `.crt`.