Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
TACD(8)			FreeBSD	System Manager's Manual		       TACD(8)

     tacd -- TLS-ALPN Challenge	Daemon

     tacd [-e|--acme-ext STRING] [--acme-ext-file FILE]	[--crt-digest STRING]
	  [--crt-signature-alg STRING] [-d|--domain STRING]
	  [--domain-file STRING] [-f|--foreground] [-h|--help]
	  [-l|--listen host:port] [--log-stderr] [--log-syslog]
	  [--log-level LEVEL] [--pid-file FILE]	[-V|--version]

     tacd is a server that will	listen to incoming Transport Layer Security
     (TLS) connections and, if the acme-tls/1 protocol has been	declared dur-
     ing the Application-Layer Protocol	Negotiation (ALPN), present a self-
     signed certificate	in order to attempt to solve the TLS-ALPN-01 chal-
     lenge. It then drops the connection.

     In	order to generate the self-signed certificate, it is required to spec-
     ify both the domain name to validate and the acmeIdentifier extension.
     If	one of those values is not specified using the available options, it
     is	read from the standard input. When reading from	the standard input, a
     new line character	is expected at the end.	In the case both values	needs
     to	be read	from the standard input, the domain name is read first,	then
     the acmeIdentifier	extension.

     The options are as	follows:

     -e, --acme-ext STRING
	     The acmeIdentifier	extension to set in the	self-signed certifi-

     --acme-ext-file FILE
	     File from which is	read the acmeIdentifier	extension to set in
	     the self-signed certificate.

     --crt-digest STRING
	     Set the certificate's digest algorithm. Possible values are:
	     -	 sha256
	     -	 sha384
	     -	 sha512

     --crt-signature-alg STRING
	     Set the certificate's signature algorithm.	Possible values	de-
	     pends on the cryptographic	library	support	and can	be listed us-
	     ing the --help flag.

     -d, --domain STRING
	     The domain	that is	being validated.

     --domain-file STRING
	     File from which is	read the domain	that is	being validated.

     -f, --foreground
	     Runs in the foreground.

     -h, --help
	     Prints help information.

     -i, --listen host:port | unix:path
	     Specifies the host	and port combination or	the unix socket	to
	     listen on.

	     Prints log	messages to the	standard error output.

	     Sends log messages	via syslog.

     --log-level LEVEL
	     Specify the log level. Possible values: error, warn, info,	debug
	     and trace.

     --pid-file	FILE
	     Specifies the location of the PID file.

     -V, --version
	     Prints version information.


     R.B. Shoemaker, Automated Certificate Management Environment (ACME) TLS
     Application-Layer Protocol	Negotiation (ALPN) Challenge Extension,	RFC
     8737, February 2020.

     Rodolphe BrA(C)ard	<>

FreeBSD	13.0		       October 10, 2020			  FreeBSD 13.0


Want to link to this manual page? Use this URL:

home | help