From 6e12610ab898ab4d3315498d91a0c393f4a8a6d0 Mon Sep 17 00:00:00 2001 From: Denys Fedoryshchenko Date: Sun, 7 Jul 2024 12:26:50 +0300 Subject: [PATCH] CertPubKey: add corresponding manual entry Signed-off-by: Denys Fedoryshchenko --- manual.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/manual.md b/manual.md index dfc503e..0202642 100644 --- a/manual.md +++ b/manual.md @@ -126,6 +126,14 @@ Here are the parameters, of which only `url` is mandatory: HEAD, possibly because of "web firewalls" * dns: get the IP address from these nameservers. Useful when testing against DNS-based CDNs (like Akamai). + * CertPubKey: Remote certificate public key. If set, the checker will alert + if the public key of the certificate does not match this value. + Format is tuples divided by colon, where is first tuple is the + key type (RSA, ECDSA), remaining tuples depend on the key type. For RSA + keys, the second tuple is the exponent, the third tuple is the modulus (both in hex). + For example: + CertPubKey="RSA:10001:HEXLONGSTRING" + ## imap The imap checker assumes it connects to a TLS endpoint. There it will check the certificate for freshness.