certmonger.conf
Section: File Formats (5)
Updated: 23 March 2010
NAME
certmonger.conf - configuration file for certmonger

DESCRIPTION
The certmonger.conf file contains default settings used by certmonger. Its format is more or less that of a typical INI-style file. The only sections currently of note are named defaults and selfsign.

DEFAULTS
Within the defaults section, these variables and values are recognized:

This is the list of times, given in seconds, before a certificate's not-after
(often referred to as its expiration time) when certmonger should warn
that the certificate will soon no longer be valid. If certmonger is
configured to automatically renew the certificate, it will also attempt to do
so at these times. The default list of values is "2419200, 604800, 259200, 172800, 86400".

This is the method by which certmonger will notify the system
administrator that a certificate will soon become invalid. The recognized
values are syslog and mail. The default is syslog.

This is the destination to which certmonger will send notifications. It
can be a syslog priority and/or facility, separated by a period, or it can be
an email address. The default value is

This is the symmetric cipher which will be used to encrypt private keys stored
in OpenSSL's PEM format. Recognized values include aes128 and
aes256. The default is aes128. It is not recommended that this
value be changed except in cases where the default is incompatible with other

This is the digest algorithm which will be used when signing certificate
signing requests and self-signed certificates. Recognized values include
sha1, sha256, sha384, and sha512. The default is
sha256. It is not recommended that this value be changed except in cases
where the default is incompatible with other software.
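
The list of times described at the start of this section can be turned into a concrete warning schedule for a given certificate. The following is an added example, not part of the original manual page and not certmonger's own code; the function names, the sample dates and the "less than or equal" comparison are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Default list of times quoted in the man page text above.
DEFAULT_TTLS = "2419200, 604800, 259200, 172800, 86400"

def parse_ttls(value):
    """Parse a comma-separated list of seconds; return it sorted, largest first."""
    ttls = set()
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue  # tolerate a trailing comma
        if not (item.isascii() and item.isdigit()):
            raise ValueError(f"not a whole number of seconds: {item!r}")
        ttls.add(int(item))
    return sorted(ttls, reverse=True)

def warning_schedule(not_after, ttls):
    """Instants at which each warning falls due, earliest first."""
    return [not_after - timedelta(seconds=t) for t in ttls]

def status(not_after, now, ttls):
    """Return (thresholds already crossed, next warning instant or None, expired).

    Assumption: a threshold counts as crossed once the remaining lifetime is
    less than or equal to it; the man page does not spell out the comparison.
    """
    remaining = (not_after - now).total_seconds()
    crossed = [t for t in ttls if remaining <= t]
    pending = [t for t in ttls if remaining > t]
    next_warning = not_after - timedelta(seconds=max(pending)) if pending else None
    return crossed, next_warning, remaining <= 0

if __name__ == "__main__":
    # Constructed sample values, not taken from a real certificate.
    not_after = datetime(2016, 1, 31, 12, 0, tzinfo=timezone.utc)
    now = datetime(2016, 1, 21, 12, 0, tzinfo=timezone.utc)
    ttls = parse_ttls(DEFAULT_TTLS)
    for ttl, when in zip(ttls, warning_schedule(not_after, ttls)):
        print(f"{ttl:>8}s ({ttl // 86400:>2}d before not-after): {when.isoformat()}")
    crossed, next_warning, expired = status(not_after, now, ttls)
    print("crossed:", crossed, "next:", next_warning, "expired:", expired)
```

With the default list, the warnings fall 28, 7, 3, 2 and 1 days before the not-after time.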

SELFSIGN
Within the selfsign section, these variables and values are recognized:

This is the validity period given to self-signed certificates. The value is
specified as a combination of years (y), months (M), weeks (w), days (d), hours
(h), minutes (m), and/or seconds (s). If no unit of time is specified, seconds
are assumed. The default value is 1y.

This controls whether or not self-signed certificates will have their
subjectUniqueID and issuerUniqueID fields populated. While RFC 5280 prohibits
their use, they may be needed and/or used by older applications. The default
value is no.

BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/