author | Kim Alvefur <zash@zash.se> |
Sun, 12 Mar 2023 17:56:23 +0100 | |
changeset 5251 | dc27b997e969 |
parent 3229 | 517c7f0333e3 |
permissions | -rw-r--r-- |
3210
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 |
--- |
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
labels: |
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
- 'Type-S2SAuth' |
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
--- |
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 |
Introduction |
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 |
============ |
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
[PKIX over Secure HTTP (POSH)][rfc7711] describes a method of |
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 |
securely delegating a domain to a hosting provider, without that hosting |
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 |
provider needing keys and certificates covering the hosted domain. |
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
|
3229
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3210
diff
changeset
|
13 |
# Validating |
3210
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 |
This module performs POSH validation of other servers. It is *not* |
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 |
needed to delegate your own domain. |
3229
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3210
diff
changeset
|
17 |
|
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3210
diff
changeset
|
18 |
# Delegation |
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3210
diff
changeset
|
19 |
|
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3210
diff
changeset
|
20 |
You can generate the JSON delegation file from a certificate by running |
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3210
diff
changeset
|
21 |
`prosodyctl mod_s2s_auth_posh /path/to/example.crt`. This file needs to |
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3210
diff
changeset
|
22 |
be served at `https://example.com/.well-known/posh/xmpp-server.json`. |