SeaCat CA Tool Configuration Reference

This chapter describes the configuration options available in the CA section of seacat.conf.

[ca] section

auto_approve

This setting switches the Certificate Authority to automatic approval of Client Signing Requests. All incoming Client Signing Requests are signed automatically. Auto approval grants every Client access to the Application Backend without a manual check. It is necessary for B2C Applications. It is not recommended for B2E and B2B Applications.

  • Syntax: boolean
  • Default is: no

If it is set to yes, any Client is authorized to access the Application Backend. This suits B2C Applications. Use with caution for B2B and B2E Applications.

auto_renew

This setting switches the Certificate Authority to automatic renewal of Client Certificates that are close to the end of their validity. A Client Certificate is renewed once the threshold before the end of its validity is reached (86 400 seconds; 1 day), provided the Client connects between the threshold and the end of the Client Certificate's validity.

  • Syntax: boolean
  • Default is: yes

If it is set to yes, a Client Certificate is renewed automatically when it is close to the end of its validity. This applies only to authorized/known Clients. It does not mean that unauthorized/anonymous Clients are allowed to use the Client Connection and thus access the Application Backend.

auto_renew_expired

This setting switches the Certificate Authority to automatic renewal of Client Certificates even after they have expired. Every expired Client Certificate is renewed automatically.

  • Syntax: boolean
  • Default is: no

If it is set to yes, a Client Certificate is renewed automatically after its expiration. This applies only to authorized/known Clients. Setting this option to yes does not mean that unauthorized/anonymous Clients are allowed to use the Client Connection and thus access the Application Backend.

new_cert_validity

The validity period for Client Certificates. If the value is omitted, 31536000 is used (1 year). The new_cert_validity value accepts the following time unit identifiers: s - seconds, m - minutes, h - hours, D - days, M - months, Y - years.

  • Syntax: string
  • Default is: [none]

backend

This setting configures the Certificate Authority to use a directory (dir) or a MongoDB database (mongo) as the store for Client Certificates and Client Signing Requests. Each option has additional configuration; see the [ca:backend_dir] and [ca:backend_mongo] sections below. Support for additional backends is being built.

  • Syntax: string

  • Default is: dir

  • Example:

    backend=mongo

[ca:backend_dir] section

This section is specific to the DIR backend.

directory

Path to the directory where the Certificate Authority stores Client Certificates and Client Signing Requests.

  • Syntax: string
  • Default is: /opt/seacat/var/ca

[ca:backend_mongo] section

This section is specific to the MongoDB backend.

uri

URI of the MongoDB database connection. The example uses 1.2.3.4 as the IP address, 5000 as the port, username as the username and password as the password.

  • Syntax: URI

  • Default is: [none]

  • Example:

    uri=mongodb://username:password@1.2.3.4:5000

    uri=mongodb://1.2.3.4:5000

For more details about the MongoDB connection string, see the MongoDB Connection String URI Format specification.

db

Specifies the target MongoDB database.

  • Syntax: string

  • Default is: [none]

  • Example:

    db=mongodb
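
An added example, not part of the SeaCat documentation or tooling: a Python check that reads a seacat.conf and reports the CA settings described above that deserve a review before deployment. The names audit_ca and is_yes, the constructed sample file, and the assumption that seacat.conf parses as an INI file with yes/no booleans are this example's own.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample for a B2B deployment (not a shipped default).
SAMPLE_CONF = """\
[ca]
auto_approve=yes
auto_renew_expired=yes
backend=mongo

[ca:backend_mongo]
uri=mongodb://username:password@1.2.3.4:5000
db=mongodb
"""

def is_yes(section, option, default):
    # Assumption: booleans are written yes/no, as in this reference.
    return section.get(option, default).strip().lower() == "yes"

def audit_ca(conf_text, app_type):
    """Return [(option, finding)] for the CA sections; app_type is B2C, B2B or B2E."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(conf_text)
    ca = cp["ca"] if cp.has_section("ca") else {}
    findings = []
    # Documented default is no: CSRs then wait for a manual check.
    if is_yes(ca, "auto_approve", "no") and app_type in ("B2B", "B2E"):
        findings.append(("auto_approve", "every CSR is signed without a manual check"))
    # Documented default is no: an expired certificate is not renewed.
    if is_yes(ca, "auto_renew_expired", "no"):
        findings.append(("auto_renew_expired", "expired certificates are renewed automatically"))
    if "new_cert_validity" not in ca:
        findings.append(("new_cert_validity", "omitted, so 31536000 s (1 year) applies"))
    if ca.get("backend", "dir").strip() == "mongo":
        name = "ca:backend_mongo"
        mongo = cp[name] if cp.has_section(name) else {}
        for option in ("uri", "db"):  # both have the documented default [none]
            if not mongo.get(option, "").strip():
                findings.append((option, "has no default and is not set"))
        if urlsplit(mongo.get("uri", "")).password:
            findings.append(("uri", "database password stored in clear text in seacat.conf"))
    return findings

if __name__ == "__main__":
    for option, finding in audit_ca(SAMPLE_CONF, "B2B"):
        print(f"{option}: {finding}")
```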
