-
-
Notifications
You must be signed in to change notification settings - Fork 2
/
config.sample.yaml
37 lines (26 loc) · 1.23 KB
/
config.sample.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
signing:
domain: <my-domain> # domain to retrieve a cert for (passed to ACME servers, required)
email: <my-email> # email for acme auth (passed to ACME servers, required)
port: 80 # local port for acme domain check (should be 80, change if running behind a proxy)
output: ./data # dir to store the keys and certs (for internal use)
staging: False # generate staging certs
# optional: set a 'cross-singing' CA and private key
# this will be used along with ACME (Lets Encrypt) to sign the same CSR
# csca_cert: <ca-cert.pem>
# csca_private_key: <ca-private-key.pem>
# rfc3161 timestamp authority cert chain + timestamp urls
# at least one required, if multiple, one is selected at random
timestamping:
# time server cert chain (cert + ca cert)
# pkg:// url to load from python package data
- certfile: pkg://authsign.trusted/ts-chain.pem
url: http://freetsa.org/tsr # timeserver URL
# default certificate rotation time
cert_duration:
days: 7
# default timestamp validity time (timestamp must be within this time of creation time)
stamp_duration:
minutes: 10
# default trusted roots stored in authsign.trusted package
# uncomment to override
# trusted_roots: pkg://authsign.trusted/roots.yaml