# Certificates

This module creates and signs certificates using multiple backends, including Let's Encrypt.

## Parameters

All configuration is placed inside the `certificates` dict.

```
# configuration for all backends, see below for options for all backends
backends:
  letsencrypt: *letsencrypt-backend-config*
  selfsigned: *selfsigned-backend-config*

# default options for certificates
defaults:
  country: "SU"
  province: "CYBER"
  city: "Cyberspace"
  org: "Tyrell Corporation"
  mail: "example@example.com"
  ou: "cyber"
  cn: ~
  san: []

# name: certificate name, value: config for a certificate. See below for definition
certs: *certificate-config*
```

**certificate-config:**

Settings given here override the default setting for that certificate.

```
# Country (string)
country: "SU"

# Province (string)
province: "CYBER"

# City (string)
city: "Cyberspace"

# Organisation (string)
org: "Tyrell Corporation"

# Mail address (string)
mail: "example@example.com"

# Organizational unit name (string)
ou: "cyber"

# Common name (string); set to the first SAN if None
cn: ~

# Subject alt names (list of strings)
san: []
```

### Backends

#### Letsencrypt

#### Selfsigned

## Paths

Certificates are stored at fixed locations:

* key: `/etc/ssl/private/<certname>.key`
* certificate: `/etc/ssl/<certname>.crt`
* CSR: `/etc/ssl/<certname>.csr`
* chain: `/etc/ssl/<certname>.chain.crt`
* key, certificate and chain combined: `/etc/ssl/private/<certname>.complete.pem`
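
The following is an added example, not code from this module: it resolves a certificate's effective settings the way the parameters above describe (per-certificate values over `defaults`, `cn` falling back to the first SAN) and audits the two key-bearing files in the documented layout. The function names, the `root` parameter, the error raised when both `cn` and `san` are empty, and the owner-only permission policy are assumptions made for the example.

```python
import os
import stat

# Layout from the "Paths" section; "complete" also contains the private key.
LAYOUT = {
    "key": "etc/ssl/private/{name}.key",
    "certificate": "etc/ssl/{name}.crt",
    "csr": "etc/ssl/{name}.csr",
    "chain": "etc/ssl/{name}.chain.crt",
    "complete": "etc/ssl/private/{name}.complete.pem",
}
KEY_BEARING = ("key", "complete")


def resolve_cert(defaults, overrides):
    """Per-certificate settings override defaults; a None cn becomes the first SAN."""
    cfg = {**defaults, **overrides}
    cfg["san"] = list(cfg.get("san") or [])  # copy so defaults are never mutated
    if cfg.get("cn") is None:
        if not cfg["san"]:
            # Assumed behaviour: refuse rather than issue a nameless certificate.
            raise ValueError("cn is unset and san is empty: no subject name")
        cfg["cn"] = cfg["san"][0]
    return cfg


def cert_paths(name, root="/"):
    """Map each artifact to its documented location (root exists for testing)."""
    if not name or "/" in name or name.startswith("."):
        raise ValueError(f"unsafe certificate name: {name!r}")
    return {kind: os.path.join(root, tpl.format(name=name)) for kind, tpl in LAYOUT.items()}


def audit_key_files(name, root="/"):
    """Report key-bearing files that are missing or accessible beyond the owner."""
    findings = []
    paths = cert_paths(name, root)
    for kind in KEY_BEARING:
        path = paths[kind]
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if mode & 0o077:  # assumed policy: owner-only access
            findings.append((path, f"mode {mode:04o} grants group/other access"))
    return findings
```

Hosts that deliberately grant a service group read access to keys should relax the `0o077` mask accordingly.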