CERIAL DOCS

Configuration

• CERIAL's configuration is mainly managed through the settings.ini file, consisting of various sections with configurable options. Some configuration parameters can be defined in the command line, especially if they are different between executions. You can define the path to the configuration file with the command line parameter --settings=/path/to/settings.ini where the CERIAL execution user must have read permissions.
• ; is used inside the settings.ini file to comment a line.
• Configuration is case-sensitive, all the configuration options should be written in lower case.
• The values for yes/no settings can be also shortened by y/n

‍

Section [general]

This section contains general configuration settings, which control the behavior of CERIAL.

opmode

Purpose:         Specifies the operations mode of the system, defining how it behaves.
Allowed Values:  auto | init | renew
Default Value:   auto
Command Line:    --opmode | -m

Description

CERIAL allows users to automatically manage certificates on their endpoints. This parameter controls the operational behavior of CERIAL and defines, which operations are performed.

• auto
  CERIAL uses certificate search filters (config settings filter_* in section [csr]) to identify certificates it shall manage. CERIAL searches in the certificate store for certificates matching all filter criteria (logical condition is AND) and decides based on renewperiod, if a renew shall be performed.
• init
  If CERIAL is started with this operations mode, it immediately triggers the issuance of a new certificate with the configured CSR settings (see [csr] section). It ignores the potential existence of similar certificates in the certificate store and enforces the enrollment of a new certificate. This option can be used when running CERIAL for the first time, by providing this operations mode from the command line, together with initial enrollment credentials (see parameter credentials in section [enrollserver]).
• renew
  This operations mode forces CERIAL to search for a matching certificate in the certificate store and start the renewal of the matched certificate immediately. With this operations mode, CERIAL ignores the renewperiod configuration setting and forces the renewal of the found certificate.

‍

Section [general]

This section contains general configuration settings, which control the behavior of CERIAL.

opmode

Purpose:         Specifies the operations mode of the system
Allowed Values:  auto | init | renew
Default Value:   auto
Command Linie:   --opmode | -m

Description

CERIAL allows users to automatically manage certificates on their endpoints. This parameter controls the operational behavior of CERIAL and defines, which operations are performed.

• auto - CERIAL uses certificate search filters (config settings filter_* in section [csr]) to identify certificates it shall manage. CERIAL searches in the certificate store for certificates matching all filter criteria (logical condition is AND) and decides based on renewperiod, if a renew shall be performed.
• init - If CERIAL is started with this operations mode, it immediately triggers the issuance of a new certificate with the configured CSR settings (see [csr] section). It ignores the potential existence of similar certificates in the certificate store and enforces the enrollment of a new certificate. This option can be used when running CERIAL for the first time, by providing this operations mode from the command line, together with initial enrollment credentials (see parameter credentials in section [enrollserver]).
• renew - This operations mode forces CERIAL to search for a matching certificate in the certificate store and start the renewal of the matched certificate immediately. With this operations mode, CERIAL ignores the renewperiod configuration setting and forces the renewal of the found certificate.

autoenroll

Purpose:         Defines if CERIAL automatically enrolls a new certificate, if no sufficient was found.
Allowed Values:  yes | no
Default Value:   no
Command Linie:   --autoenroll | -e

Description

CERIAL is able.........................

autorenew

Purpose:         Defines if CERIAL automatically enrolls a new certificate, if no sufficient was found.
Allowed Values:  yes | no
Default Value:   no
Command Linie:   --autoenroll | -e

‍

‍