| options/nixos/services.maddy.tls.certificates.*.keyPath | Path to the private key used for TLS.
|
| options/nixos/services.dendrite.tlsCert | The path to the TLS certificate.
nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
|
| options/nixos/services.ghostunnel.servers.<name>.cacert | Path to CA bundle file (PEM/X509)
|
| options/home-manager/accounts.email.certificatesFile | Path to default file containing certificate authorities that
should be used to validate the connection authenticity
|
| options/home-manager/programs.ssh.matchBlocks.<name>.certificateFile | Specifies files from which the user certificate is read.
|
| options/nixos/services.namecoind.rpc.certificate | Certificate file for securing RPC connections.
|
| options/nixos/services.grafana.settings.server.cert_file | Path to the certificate file (if protocol is set to https or h2).
|
| options/nixos/services.bacula-sd.tls.certificate | The full path to the PEM encoded TLS certificate
|
| options/nixos/services.bacula-fd.tls.certificate | The full path to the PEM encoded TLS certificate
|
| options/nixos/services.infinoted.certificateFile | Server certificate to use for TLS
|
| options/nixos/services.grafana.settings.database.client_cert_path | The path to the client cert
|
| options/nixos/services.bacula-dir.tls.certificate | The full path to the PEM encoded TLS certificate
|
| options/nixos/services.movim.h2o.tls.identity.*.certificate-file | Path to certificate file
|
| options/nixos/services.sabnzbd.settings.misc.https_cert | Path to the TLS certificate for the web UI
|
| options/nixos/services.rkvm.server.settings.certificate | TLS certificate path.
This should be generated with rkvm-certificate-gen.
|
| options/nixos/services.rkvm.client.settings.certificate | TLS ceritficate path.
This should be generated with rkvm-certificate-gen.
|
| options/nixos/services.infinoted.certificateChain | Chain of CA-certificates to which our certificateFile is relative
|
| options/nixos/services.umurmur.settings.certificate | Path to your SSL certificate
|
| options/nixos/services.warpgate.settings.http.sni_certificates.*.certificate | Path to certificate.
|
| options/nixos/services.h2o.hosts.<name>.tls.identity.*.certificate-file | Path to certificate file
|
| options/nixos/services.mqtt2influxdb.mqtt.certfile | Certificate file for MQTT
|
| options/nixos/services.warpgate.settings.http.certificate | Path to HTTPS listener certificate.
|
| options/nixos/services.warpgate.settings.mysql.certificate | Path to MySQL listener certificate.
|
| options/nixos/services.dolibarr.h2o.tls.identity.*.certificate-file | Path to certificate file
|
| options/home-manager/programs.irssi.networks.<name>.server.ssl.certificateFile | Path to a file containing the certificate used for
client authentication to the server.
|
| options/nixos/<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| options/nixos/security.agnos.settings.accounts.*.certificates.*.key_output_file | Output path for the certificate private key
|
| options/nixos/services.trafficserver.sslMulticert | Configure SSL server certificates to terminate the SSL sessions
|
| options/nixos/virtualisation.podman.networkSocket.tls.cacert | Path to CA certificate to use for client authentication.
|
| options/nixos/services.kubernetes.pki.genCfsslAPICerts | Whether to automatically generate cfssl API webserver TLS cert and key,
if they don't exist.
|
| options/nixos/services.foundationdb.tls.certificate | Path to the TLS certificate file
|
| options/nixos/services.kubernetes.pki.cfsslAPIExtraSANs | Extra x509 Subject Alternative Names to be added to the cfssl API webserver TLS cert.
|
| options/nixos/services.warpgate.settings.postgres.certificate | Path to PostgreSQL listener certificate.
|
| options/home-manager/accounts.email.accounts.<name>.smtp.tls.certificatesFile | Path to file containing certificate authorities that should
be used to validate the connection authenticity
|
| options/home-manager/accounts.email.accounts.<name>.imap.tls.certificatesFile | Path to file containing certificate authorities that should
be used to validate the connection authenticity
|
| options/nixos/services.bacula-sd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| options/nixos/services.bacula-fd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| options/nixos/services.grafana.settings.database.ca_cert_path | The path to the CA certificate to use.
|
| options/nixos/services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.headscale.settings.tls_cert_path | Path to already created certificate.
|
| options/nixos/services.ghostunnel.servers.<name>.allowAll | If true, allow all clients, do not check client cert subject.
|
| options/nixos/services.dnsdist.dnscrypt.providerName | The name that will be given to this DNSCrypt resolver.
The provider name must start with 2.dnscrypt-cert..
|
| options/nixos/<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.cacert | Path to CA bundle file (PEM/X509)
|
| options/nixos/services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.cloudflared.certificateFile | Account certificate file, necessary to create, delete and manage tunnels
|
| options/nixos/services.unbound.checkconf | Whether to check the resulting config file with unbound checkconf for syntax errors
|
| options/nixos/services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.kubernetes.apiserver.extraSANs | Extra x509 Subject Alternative Names to be added to the kubernetes apiserver tls cert.
|
| options/nixos/services.prometheus.exporters.unbound.unbound.certificate | Path to the Unbound control socket certificate
|
| options/nixos/services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.strongswan-swanctl.swanctl.authorities.<name>.cacert | The certificates may use a relative path from the swanctl
x509ca directory or an absolute path
|
| options/nixos/services.nextcloud-spreed-signaling.settings.https.certificate | Path to the certificate used for the HTTPS listener
|
| options/nixos/services.cloudflared.tunnels.<name>.certificateFile | Account certificate file, necessary to create, delete and manage tunnels
|
| options/nixos/services.privoxy.inspectHttps | Whether to configure Privoxy to inspect HTTPS requests, meaning all
encrypted traffic will be filtered as well
|
| options/nixos/services.warpgate.settings.http.sni_certificates | Certificates for additional domains.
|
| options/nixos/services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.neo4j.directories.certificates | Directory for storing certificates to be used by Neo4j for
TLS connections
|
| options/nixos/networking.openconnect.interfaces.<name>.certificate | Certificate to authenticate with.
|
| options/nixos/services.warpgate.settings.http.sni_certificates.*.key | Path to private key.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert | Section for a CA certificate to accept for authentication
|
| options/nixos/services.parsedmarc.settings.elasticsearch.cert_path | The path to a TLS certificate bundle used to verify
the server's certificate.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| options/nixos/services.kubernetes.apiserver.kubeletClientCaFile | Path to a cert file for connecting to kubelet.
|
| options/nixos/services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/security.agnos.settings.accounts.*.certificates.*.fullchain_output_file | Output path for the full chain including the acquired certificate
|
| options/home-manager/programs.hexchat.channels.<name>.loginMethod | The login method
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.file | Absolute path to the certificate to load
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.module | Optional PKCS#11 module name.
|
| options/nixos/services.grafana.settings.database.server_cert_name | The common name field of the certificate used by the mysql or postgres server
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.send_cert | Send certificate payloads when using certificate authentication.
- With the default of
ifasked the daemon sends
certificate payloads only if certificate requests have been received.
never disables sending of certificate payloads
altogether,always causes certificate payloads to be sent
unconditionally whenever certificate authentication is used
|
| options/nixos/services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| options/nixos/services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.remoteRead.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| options/nixos/services.prometheus.remoteWrite.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| options/nixos/<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowAll | If true, allow all clients, do not check client cert subject.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert_policy | List of certificate policy OIDs the peer's certificate
must have
|
| options/nixos/services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.send_certreq | Send certificate request payloads to offer trusted root CA certificates to
the peer
|
| options/nixos/services.strongswan-swanctl.swanctl.authorities.<name>.cert_uri_base | Defines the base URI for the Hash and URL feature supported by
IKEv2
|
| options/nixos/services.matrix-synapse.settings.tls_certificate_path | PEM encoded X509 certificate for TLS
|
| options/nixos/services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|