--- # defaults file for generate-tls-certs generate_tls_certs: true # Do not put trailing slash "/" cert_dir: ./certs generate_ca_cert: false generate_client_cert: false generate_server_cert: false # ------- # CA CERT # ------- tls_ca_cert: ca.pem tls_ca_csr: ca.csr tls_ca_key: ca.key tls_ca_key_size: 4096 # 10 years tls_ca_valid_days: 3650 # tls_ca_country: # tls_ca_state: # tls_ca_locality: # tls_ca_organization: # tls_ca_organizationalunit: tls_ca_commonname: Certificate Authority #tls_ca_email: # ----------- # CLIENT CERT # ----------- tls_client_cert: client.pem tls_client_key: client.key tls_client_csr: client.csr tls_client_key_size: 4096 tls_client_commonname: Client # 2 years tls_client_valid_days: 730 # ----------- # SERVER CERT # ----------- # 2 years tls_server_valid_days: 730 tls_server_key_size: 4096 # Enable Subject Alternate Name (SAN) tls_server_enable_san: true # ------------------- # POPULATE /etc/hosts # ------------------- populate_etc_hosts: false