certmonger.conf(5) File Formats Manual certmonger.conf(5)

certmonger.conf - configuration file for certmonger

The certmonger.conf file contains default settings used by certmonger.
Its format is more or less that of a typical INI-style file. The only
sections currently of note are named defaults and selfsign.

Within the defaults section, these variables and values are recognized:

ttls
This is the list of times, given in seconds, before a certificate's
not-after validity date (often referred to as its expiration time)
when certmonger should warn that the certificate will soon no longer
be valid. If certmonger is configured to automatically renew the
certificate, it will also attempt to do so at these times. The default
list of values is "2419200, 604800, 259200, 172800, 86400".

notification_method
This is the method by which certmonger will notify the system
administrator that a certificate will soon become invalid. The
recognized values are syslog and mail. The default is syslog.

notification_destination
This is the destination to which certmonger will send notifications.
It can be a syslog priority and/or facility, separated by a period,
or it can be an email address. The default value is daemon.notice.

symmetric_cipher
This is the symmetric cipher which will be used to encrypt private
keys stored in OpenSSL's PEM format. Recognized values include aes128
and aes256. The default is aes128. It is not recommended that this
value be changed except in cases where the default is incompatible
with other software.

digest
This is the digest algorithm which will be used when signing
certificate signing requests and self-signed certificates. Recognized
values include sha1, sha256, sha384, and sha512. The default is
sha256. It is not recommended that this value be changed except in
cases where the default is incompatible with other software.

Within the selfsign section, these variables and values are recognized:

validity_period
This is the validity period given to self-signed certificates. The
value is specified as a combination of years (y), months (M), weeks
(w), days (d), hours (h), minutes (m), and/or seconds (s). If no unit
of time is specified, seconds are assumed. The default value is 1y.

populate_unique_id
This controls whether or not self-signed certificates will have their
subjectUniqueID and issuerUniqueID fields populated. While RFC5280
prohibits their use, they may be needed and/or used by older
applications. The default value is no.
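
Added example (not part of the certmonger manual or the project's code): a Python check that overlays the text of a certmonger.conf on the defaults documented above and reports settings that weaken them. The audit function, the 7-day first-warning threshold, the accepted ttls separators and the yes/true/1/on spellings are assumptions of this example.

```python
import configparser

# Defaults exactly as documented on this page.
DOCUMENTED_DEFAULTS = {
    "defaults": {
        "ttls": "2419200, 604800, 259200, 172800, 86400",
        "notification_method": "syslog",
        "notification_destination": "daemon.notice",
        "symmetric_cipher": "aes128",
        "digest": "sha256",
    },
    "selfsign": {"validity_period": "1y", "populate_unique_id": "no"},
}
MIN_FIRST_WARNING = 7 * 86400  # assumed site policy, not a certmonger rule

def audit(conf_text):
    """Return (effective_settings, findings) for the text of a certmonger.conf."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_dict(DOCUMENTED_DEFAULTS)   # start from the documented defaults
    cp.read_string(conf_text)           # then overlay what the file sets
    eff = {name: dict(cp[name]) for name in DOCUMENTED_DEFAULTS}
    d, s = eff["defaults"], eff["selfsign"]
    findings = []
    if d["digest"].lower() == "sha1":
        findings.append(("digest", "sha1 is no longer collision-resistant; use sha256 or stronger"))
    # Assumption: ttls entries are separated by commas and/or whitespace.
    ttls = [int(t) for t in d["ttls"].replace(",", " ").split()]
    if not ttls or max(ttls) < MIN_FIRST_WARNING:
        findings.append(("ttls", "earliest warning/renewal attempt is under 7 days before expiry"))
    method = d["notification_method"].lower()
    if method not in ("syslog", "mail"):
        findings.append(("notification_method", "not a recognized value (syslog, mail)"))
    elif method == "mail" and d["notification_destination"] == "daemon.notice":
        findings.append(("notification_destination", "mail selected but destination is still the syslog default"))
    # Assumption: these spellings enable the option.
    if s["populate_unique_id"].lower() in ("yes", "true", "1", "on"):
        findings.append(("populate_unique_id", "RFC 5280 prohibits subjectUniqueID/issuerUniqueID"))
    return eff, findings

# Constructed sample input, not taken from a real system.
SAMPLE = """\
[defaults]
digest = sha1
ttls = 172800, 86400
notification_method = mail
[selfsign]
populate_unique_id = yes
"""
print("\n".join(f"{key}: {msg}" for key, msg in audit(SAMPLE)[1]))
```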

Please file tickets for any bugs that you find at
https://fedorahosted.org/certmonger/

certmonger(8)

certmonger Manual 23 March 2010 certmonger.conf(5)