summaryrefslogtreecommitdiff
path: root/docs/platform/guide.md
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2013-07-24 13:28:41 -0700
committerelijah <elijah@riseup.net>2013-07-24 13:28:41 -0700
commitfbce048c381f6f6c7d384a9bdaa1fd4646d2f2a2 (patch)
treef9c2320ff6929e1017451a49372aa2a384443d9e /docs/platform/guide.md
parentebcdb73bc5494398ab9203d6caf3057ef5f1168b (diff)
fix default provider ca values.
Diffstat (limited to 'docs/platform/guide.md')
-rw-r--r--docs/platform/guide.md38
1 files changed, 20 insertions, 18 deletions
diff --git a/docs/platform/guide.md b/docs/platform/guide.md
index da515a4..1cd8283 100644
--- a/docs/platform/guide.md
+++ b/docs/platform/guide.md
@@ -157,28 +157,30 @@ Configuration options
The `ca` option in provider.json provides settings used when generating CAs and certificates. The defaults are as follows:
- "ca": {
- "name": "= global.provider.ca.organization + ' Root CA'",
- "organization": "= global.provider.name",
- "organizational_unit": "= 'https://' + global.provider.name",
- "bit_size": 4096,
- "digest": "SHA256",
- "life_span": "10y",
- "server_certificates": {
- "bit_size": 2048,
- "digest": "SHA256",
- "life_span": "1y"
- },
- "client_certificates": {
- "bit_size": 2048,
+ {
+ "ca": {
+ "name": "= global.provider.ca.organization + ' Root CA'",
+ "organization": "= global.provider.name[global.provider.default_language]",
+ "organizational_unit": "= 'https://' + global.provider.domain",
+ "bit_size": 4096,
"digest": "SHA256",
- "life_span": "2m",
- "limited_prefix": "LIMITED",
- "unlimited_prefix": "UNLIMITED"
+ "life_span": "10y",
+ "server_certificates": {
+ "bit_size": 2048,
+ "digest": "SHA256",
+ "life_span": "1y"
+ },
+ "client_certificates": {
+ "bit_size": 2048,
+ "digest": "SHA256",
+ "life_span": "2m",
+ "limited_prefix": "LIMITED",
+ "unlimited_prefix": "UNLIMITED"
+ }
}
}
-To see what values are used for your provider, run `leap inspect provider.json`. You can modify the defaults as you wish by adding the values to provider.json.
+You should not need to override these defaults in your own provider.json, but you can if you want to. To see what values are used for your provider, run `leap inspect provider.json`.
NOTE: A certificate `bit_size` greater than 2048 will probably not be recognized by most commercial CAs.