---
# defaults file for generate-tls-certs
generate_tls_certs: true
# Do not put trailing slash "/"
cert_dir: ./certs
generate_ca_cert: false
generate_client_cert: false
generate_server_cert: false

# -------
# CA CERT
# -------
tls_ca_cert: ca.pem
tls_ca_csr: ca.csr
tls_ca_key: ca.key
tls_ca_key_size: 4096
# 10 years
tls_ca_valid_days: 3650
# tls_ca_country:
# tls_ca_state:
# tls_ca_locality:
# tls_ca_organization:
# tls_ca_organizationalunit:
tls_ca_commonname: Certificate Authority
#tls_ca_email:

# -----------
# CLIENT CERT
# -----------
tls_client_cert: client.pem
tls_client_key: client.key
tls_client_csr: client.csr
tls_client_key_size: 4096
tls_client_commonname: Client
# 2 years
tls_client_valid_days: 730

# -----------
# SERVER CERT
# -----------
# 2 years
tls_server_valid_days: 730
tls_server_key_size: 4096
# Enable Subject Alternate Name (SAN)
tls_server_enable_san: true

# -------------------
# POPULATE /etc/hosts
# -------------------
populate_etc_hosts: false