[config]

## Configuration file for cern-get-certificate
# SOS: If you do not want to define a property, you can delete its value. Never delete the name of the property!

# private path for certificate key file - default: /etc/pki/tls/private/
keypath=/etc/pki/tls/private/

# path for storing certificate file - default: /etc/pki/tls/certs/
certpath=/etc/pki/tls/certs/

# keytab for host authentication
keytab=/etc/krb5.keytab

# renew if validity shorter than X days - default: 7
days=7

# Enable autorenew by the cron job
autorenew=1

# define hostname
hostname=

# perform autorenewal
# NOTE: if a service using the certificate is running
# at the time renewal happens it should be most likely
# restarted after - this can be done using autorenewexec
# option below
#autorenewexec="/usr/bin/systemctl reload httpd"
autorenewexec=

# ownership of certificate files - use numeric IDs
# uid - default 0 (root)
uid=0
# gid - default 0 (root)
gid=0
