-
Notifications
You must be signed in to change notification settings - Fork 11
/
config.ecdsa
27 lines (24 loc) · 1.02 KB
/
config.ecdsa
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# This file is for services that should use an ECDSA certificate. Currently,
# this is strongly recomended for CMON. All other services and clients support
# both RSA and ECDSA, but if you have an older version of some serives that use
# stud you will need to use RSA.
#
# To deploy an ECDSA certificate for cmon, create `domains.ecdsa.txt` with the
# name of your cmon zone (including a wildcard name). E.g.:
#
# cmon.datacenter.example.com *.cmon.datacenter.example.com
#
# Note: cmon can only use the DNS name provided by CNS for the external
# interface. Vanity, or alternative DNS names are not supported by CMON.
#
# Then run dehydrated with this config file
#
# ./dehydrated -c -f config.ecdsa
#
# Be sure to create a cron job for your ecdsa certificates as well!
# Import the default settings
source ${BASEDIR}/config
# File containing the list of domains to request ECDSA certificates for
DOMAINS_TXT="${BASEDIR}/domains.ecdsa.txt"
# Use ECDSA curve prime256v1. You may also choose to use curve secp384r1.
KEY_ALGO=prime256v1