Provided by: certmonger_0.56-0ubuntu1_i386

NAME

       certmonger.conf - configuration file for certmonger

DESCRIPTION

       The  certmonger.conf file contains default settings used by certmonger.
       Its format is more or less that of a typical INI-style file.  The  only
       sections currently of note are named defaults and selfsign.

DEFAULTS

       Within the defaults section, these variables and values are recognized:

       ttls   This   is  the  list  of  times,  given  in  seconds,  before  a
              certificate's not-after validity date (often referred to as  its
              expiration   time)   when   certmonger   should  warn  that  the
              certificate will soon no longer  be  valid.   If  certmonger  is
              configured  to automatically renew the certificate, it will also
              attempt to do so at these times.  The default list of values  is
              "2419200, 604800, 259200, 172800, 86400".

       notification_method
              This  is  the  method by which certmonger will notify the system
              administrator that a certificate will soon become invalid.   The
              recognized values are syslog and mail.  The default is syslog.

       notification_destination
              This   is   the   destination  to  which  certmonger  will  send
              notifications.  It can be a  syslog  priority  and/or  facility,
              separated  by  a  period,  or  it  can be an email address.  The
              default value is daemon.notice.

       symmetric_cipher
              This is the symmetric cipher  which  will  be  used  to  encrypt
              private  keys stored in OpenSSL's PEM format.  Recognized values
              include aes128 and aes256.  The default is aes128.   It  is  not
              recommended that this value be changed except in cases where the
              default is incompatible with other software.

       digest This is the digest algorithm which will  be  used  when  signing
              certificate   signing  requests  and  self-signed  certificates.
              Recognized values include sha1, sha256, sha384, and sha512.  The
              default  is  sha256.   It  is not recommended that this value be
              changed except in cases where the default is  incompatible  with
              other software.

SELFSIGN

       Within the selfsign section, these variables and values are recognized:

       validity_period
              This  is  the validity period given to self-signed certificates.
              The value is specified as a combination  of  years  (y),  months
              (M), weeks (w), days (d), hours (h), minutes (m), and/or seconds
              (s).  If no unit of time is specified, seconds are assumed.  The
              default value is 1y.

       populate_unique_id
              This  controls whether or not self-signed certificates will have
              their  subjectUniqueID  and  issuerUniqueID  fields   populated.
              While  RFC5280  prohibits  their  use, they may be needed and/or
              used by older applications.  The default value is no.
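The settings above can be checked mechanically. The following is an added example, not part of certmonger or of this manual page: a small audit of a certmonger.conf that flags a sha1 digest, an unrecognized notification_method, populated unique ID fields, and a ttls warning window that covers the whole self-signed validity period. It assumes fixed lengths for years and months (365 and 30 days), that yes/no values parse like ordinary INI booleans, and that quotes around the ttls list are optional; the function names and the sample file are constructed for illustration.

```python
import configparser
import re

# Assumption: y and M use fixed lengths (365 and 30 days), not calendar math.
UNIT = {"y": 31536000, "M": 2592000, "w": 604800, "d": 86400,
        "h": 3600, "m": 60, "s": 1}
TOKEN = re.compile(r"(\d+)\s*([yMwdhms]?)")
DEFAULT_TTLS = "2419200, 604800, 259200, 172800, 86400"  # from the man page

def parse_period(text):
    """Convert a validity_period such as '1y', '2w3d' or '3600' to seconds."""
    parts = TOKEN.findall(text)
    if not parts or TOKEN.sub("", text).strip():
        raise ValueError(f"bad validity_period: {text!r}")
    return sum(int(n) * UNIT[u or "s"] for n, u in parts)  # no unit = seconds

def audit(conf_text):
    """Return a list of findings for the text of a certmonger.conf."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings = []
    digest = cp.get("defaults", "digest", fallback="sha256").strip().lower()
    if digest == "sha1":
        findings.append("digest: sha1 is collision-prone, prefer the default")
    method = cp.get("defaults", "notification_method", fallback="syslog").strip()
    if method not in ("syslog", "mail"):
        findings.append(f"notification_method: {method!r} is not syslog or mail")
    # Assumption: yes/no is parsed like any INI boolean.
    if cp.getboolean("selfsign", "populate_unique_id", fallback=False):
        findings.append("populate_unique_id: RFC 5280 prohibits these fields")
    raw = cp.get("defaults", "ttls", fallback=DEFAULT_TTLS)
    ttls = [int(t) for t in re.split(r"[,\s]+", raw.strip('" ')) if t]
    validity = parse_period(cp.get("selfsign", "validity_period", fallback="1y"))
    if ttls and max(ttls) >= validity:
        findings.append(f"ttls: {max(ttls)}s warning window covers the whole "
                        f"{validity}s self-signed validity period")
    return findings

# Constructed sample configuration, not taken from a real host.
SAMPLE = """
[defaults]
ttls = 2419200, 604800
digest = sha1

[selfsign]
validity_period = 2w
populate_unique_id = yes
"""

print("\n".join(audit(SAMPLE)))
```

With the sample above, the 2w validity period is shorter than the largest ttls entry, so a newly issued self-signed certificate would already be inside its warning window.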

BUGS

       Please    file    tickets    for    any    that     you     find     at
       https://fedorahosted.org/certmonger/

SEE ALSO

       certmonger(8)