diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go
index 641f006e2..c0a009631 100644
--- a/modules/caddypki/ca.go
+++ b/modules/caddypki/ca.go
@@ -51,7 +51,10 @@ type CA struct {
 // and Mozilla Firefox trust stores. Default: true.
 InstallTrust *bool `json:"install_trust,omitempty"`
 
- Root *KeyPair `json:"root,omitempty"`
+ // The root certificate to use; if empty, one will be generated.
+ Root *KeyPair `json:"root,omitempty"`
+
+ // The intermediate (signing) certificate; if empty, one will be generated.
 Intermediate *KeyPair `json:"intermediate,omitempty"`
 
 // Optionally configure a separate storage module associated with this
diff --git a/modules/caddypki/crypto.go b/modules/caddypki/crypto.go
index e701c40d7..e1a0e354d 100644
--- a/modules/caddypki/crypto.go
+++ b/modules/caddypki/crypto.go
@@ -120,9 +120,17 @@ func trusted(cert *x509.Certificate) bool {
 // KeyPair represents a public-private key pair, where the
 // public key is also called a certificate.
 type KeyPair struct {
+ // The certificate. By default, this should be the path to
+ // a PEM file unless format is something else.
 Certificate string `json:"certificate,omitempty"`
- PrivateKey string `json:"private_key,omitempty"`
- Format string `json:"format,omitempty"`
+
+ // The private key. By default, this should be the path to
+ // a PEM file unless format is something else.
+ PrivateKey string `json:"private_key,omitempty"`
+
+ // The format in which the certificate and private
+ // key are provided. Default: pem_file
+ Format string `json:"format,omitempty"`
 }
 
 // Load loads the certificate and key.
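Review bot: The new comments on `Root` and `Intermediate` in the `CA` struct (ca.go hunk) describe each field as a certificate, but both are `*KeyPair`, which per crypto.go also carries a private key. Wording such as `// The root certificate and private key to use; if empty, a root key pair will be generated.` tells an operator that leaving the field empty presumably causes signing key material to be created, not only a certificate. Whether a root may be configured without its private key is not visible here, so that detail should be confirmed before it is written into the comment. The struct body continues outside the hunk.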
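Review bot: The `Format` comment in `KeyPair` (crypto.go hunk) gives the default `pem_file` but not the accepted values, and "unless format is something else" on `Certificate` and `PrivateKey` leaves open whether key material may be placed inline in the JSON config. The `Format` comment should list exactly the values that `Load` accepts, and the `PrivateKey` comment should state the path semantics outright, e.g. `// The private key. With format pem_file (the default), this is the path to a PEM file; restrict read access to that file.` The body of `Load` is outside the hunk, so the accepted formats have to be taken from there and not guessed.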