certmonger.conf(5)            File Formats Manual           certmonger.conf(5)

NAME

       certmonger.conf - configuration file for certmonger

DESCRIPTION

       The certmonger.conf file contains default settings used by certmonger.
       Its format is more or less that of a typical INI-style file. The only
       sections currently of note are named defaults and selfsign.

DEFAULTS

       Within the defaults section, these variables and values are recognized:

       ttls   This is the list of times, given in seconds, before a
              certificate's not-after validity date (often referred to as its
              expiration time) when certmonger should warn that the certificate
              will soon no longer be valid. If certmonger is configured to
              automatically renew the certificate, it will also attempt to do
              so at these times. The default list of values is "2419200,
              604800, 259200, 172800, 86400".

       notification_method
              This is the method by which certmonger will notify the system
              administrator that a certificate will soon become invalid. The
              recognized values are syslog and mail. The default is syslog.

       notification_destination
              This is the destination to which certmonger will send
              notifications. It can be a syslog priority and/or facility,
              separated by a period, or it can be an email address. The default
              value is daemon.notice.

       symmetric_cipher
              This is the symmetric cipher which will be used to encrypt
              private keys stored in OpenSSL's PEM format. Recognized values
              include aes128 and aes256. The default is aes128. It is not
              recommended that this value be changed except in cases where the
              default is incompatible with other software.

       digest This is the digest algorithm which will be used when signing
              certificate signing requests and self-signed certificates.
              Recognized values include sha1, sha256, sha384, and sha512. The
              default is sha256. It is not recommended that this value be
              changed except in cases where the default is incompatible with
              other software.

SELFSIGN

       Within the selfsign section, these variables and values are recognized:

       validity_period
              This is the validity period given to self-signed certificates.
              The value is specified as a combination of years (y), months
              (M), weeks (w), days (d), hours (h), minutes (m), and/or seconds
              (s). If no unit of time is specified, seconds are assumed. The
              default value is 1y.

       populate_unique_id
              This controls whether or not self-signed certificates will have
              their subjectUniqueID and issuerUniqueID fields populated.
              While RFC5280 prohibits their use, they may be needed and/or
              used by older applications. The default value is no.
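
An added example, not part of the original manual or of certmonger itself: a small Python audit that overlays a certmonger.conf on the defaults documented above and reports settings an administrator would want to review. It assumes Python's configparser reads the file's INI-style syntax, that ttls entries are separated by commas and/or whitespace, and that populate_unique_id takes yes/no style booleans; the sample file and the 28-day threshold (the largest documented default ttl) are choices made for this example.

```python
import configparser
import re

# Defaults as documented in certmonger.conf(5).
DEFAULTS = {
    "defaults": {
        "ttls": "2419200, 604800, 259200, 172800, 86400",
        "notification_method": "syslog",
        "notification_destination": "daemon.notice",
        "symmetric_cipher": "aes128",
        "digest": "sha256",
    },
    "selfsign": {"validity_period": "1y", "populate_unique_id": "no"},
}

# Constructed sample file for this example, not taken from a real host.
SAMPLE = """\
[defaults]
ttls = 604800, 86400
digest = sha1

[selfsign]
populate_unique_id = yes
"""


def effective_settings(text):
    """Overlay the file's values on the documented defaults."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_dict(DEFAULTS)
    parser.read_string(text)
    return parser


def audit(text):
    """Return findings for settings that differ from the documented defaults."""
    cfg = effective_settings(text)
    findings = []
    if cfg["defaults"]["digest"].lower() == "sha1":
        findings.append("digest=sha1: CSRs and self-signed certs are signed with SHA-1")
    # Assumption: the option uses yes/no style booleans, as configparser accepts.
    if cfg.getboolean("selfsign", "populate_unique_id"):
        findings.append("populate_unique_id: unique ID fields are prohibited by RFC 5280")
    ttls = [int(t) for t in re.split(r"[,\s]+", cfg["defaults"]["ttls"]) if t]
    # Example policy: flag a first warning later than the default 28 days.
    if max(ttls) < 2419200:
        findings.append(f"ttls: first warning only {max(ttls) // 86400} days before not-after")
    return findings
```

Calling audit() on the text of the file under review returns an empty list when every checked setting is at its documented default.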

BUGS

       Please file tickets for any that you find at
       https://fedorahosted.org/certmonger/

SEE ALSO

       certmonger(8)

certmonger Manual                23 March 2010              certmonger.conf(5)