diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2020-12-09 19:51:56 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2020-12-09 19:53:45 +0100 |
commit | 79edb6eea5e009e5b49876728f7477a8524e98ec (patch) | |
tree | a05cc79dfab02a10a834addf61b4297799d64896 /config/lacme-certs.conf | |
parent | e8980fb172221cbffd7fa672d65da0a806524e72 (diff) |
documentation: emphasize default values in the config file.
Also, move the most common options ('hash', 'keyUsage', 'CAfile',
'min-days') to the default section.
Diffstat (limited to 'config/lacme-certs.conf')
-rw-r--r-- | config/lacme-certs.conf | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/config/lacme-certs.conf b/config/lacme-certs.conf index 232c85b..3e7a577 100644 --- a/config/lacme-certs.conf +++ b/config/lacme-certs.conf @@ -1,13 +1,27 @@ # Each non-default section refer to separate certificate issuance # requests. Options in the default section apply to each sections. -# Message digest to sign the Certificate Signing Request with. +# Message digest to sign the Certificate Signing Request with, +# overriding the req(1ssl) default. # -#hash = sha512 +#hash = -# Comma-separated list of Key Usages, see x509v3_config(5ssl). +# Comma-separated list of Key Usages, for instance "digitalSignature, +# keyEncipherment", to include in the Certificate Signing Request. +# See x509v3_config(5ssl) for a list of possible values. # -#keyUsage = digitalSignature, keyEncipherment +#keyUsage = + +# Path to the bundle of trusted issuer certificates. This is used for +# validating each certificate after issuance or renewal. Specifying an +# empty value skips certificate validation. +# +#CAfile = @@datadir@@/lacme/ca-certificates.crt + +# For an existing certificate, the minimum number of days before its +# expiration date the section is considered for re-issuance. +# +#min-days = 21 #[www] @@ -25,16 +39,6 @@ # #certificate-chain = /etc/nginx/ssl/srv.chain.pem -# For an existing certificate, the minimum number of days before its -# expiration date the section is considered for re-issuance. -# -#min-days = 21 - -# Path to trusted issuer certificates, used for validating each issued -# certificate. Specifying an empty value skips certificate validation. -# -#CAfile = @@datadir@@/lacme/ca-certificates.crt - # Subject field of the Certificate Signing Request. This option is # required. # |