diff options
Diffstat (limited to 'config')
-rw-r--r-- | config/lacme-certs.conf | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/config/lacme-certs.conf b/config/lacme-certs.conf index 232c85b..3e7a577 100644 --- a/config/lacme-certs.conf +++ b/config/lacme-certs.conf @@ -1,13 +1,27 @@ # Each non-default section refer to separate certificate issuance # requests. Options in the default section apply to each sections. -# Message digest to sign the Certificate Signing Request with. +# Message digest to sign the Certificate Signing Request with, +# overriding the req(1ssl) default. # -#hash = sha512 +#hash = -# Comma-separated list of Key Usages, see x509v3_config(5ssl). +# Comma-separated list of Key Usages, for instance "digitalSignature, +# keyEncipherment", to include in the Certificate Signing Request. +# See x509v3_config(5ssl) for a list of possible values. # -#keyUsage = digitalSignature, keyEncipherment +#keyUsage = + +# Path to the bundle of trusted issuer certificates. This is used for +# validating each certificate after issuance or renewal. Specifying an +# empty value skips certificate validation. +# +#CAfile = @@datadir@@/lacme/ca-certificates.crt + +# For an existing certificate, the minimum number of days before its +# expiration date the section is considered for re-issuance. +# +#min-days = 21 #[www] @@ -25,16 +39,6 @@ # #certificate-chain = /etc/nginx/ssl/srv.chain.pem -# For an existing certificate, the minimum number of days before its -# expiration date the section is considered for re-issuance. -# -#min-days = 21 - -# Path to trusted issuer certificates, used for validating each issued -# certificate. Specifying an empty value skips certificate validation. -# -#CAfile = @@datadir@@/lacme/ca-certificates.crt - # Subject field of the Certificate Signing Request. This option is # required. # |