| services.grafana.settings.server.cert_file | Path to the certificate file (if protocol is set to https or h2).
|
| services.infinoted.certificateChain | Chain of CA-certificates to which our certificateFile is relative
|
| services.warpgate.settings.http.sni_certificates.*.certificate | Path to certificate.
|
| services.bacula-sd.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bacula-fd.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bacula-dir.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.kubernetes.pki.genCfsslAPICerts | Whether to automatically generate cfssl API webserver TLS cert and key,
if they don't exist.
|
| services.kubernetes.pki.cfsslAPIExtraSANs | Extra x509 Subject Alternative Names to be added to the cfssl API webserver TLS cert.
|
| services.umurmur.settings.certificate | Path to your SSL certificate
|
| services.movim.h2o.tls.identity.*.certificate-file | Path to certificate file
|
| services.sabnzbd.settings.misc.https_cert | Path to the TLS certificate for the web UI
|
| services.rkvm.server.settings.certificate | TLS certificate path.
This should be generated with rkvm-certificate-gen.
|
| services.rkvm.client.settings.certificate | TLS ceritficate path.
This should be generated with rkvm-certificate-gen.
|
| services.h2o.hosts.<name>.tls.identity.*.certificate-file | Path to certificate file
|
| services.mqtt2influxdb.mqtt.certfile | Certificate file for MQTT
|
| services.ghostunnel.servers.<name>.allowAll | If true, allow all clients, do not check client cert subject.
|
| services.warpgate.settings.http.certificate | Path to HTTPS listener certificate.
|
| services.dnsdist.dnscrypt.providerName | The name that will be given to this DNSCrypt resolver.
The provider name must start with 2.dnscrypt-cert..
|
| services.warpgate.settings.mysql.certificate | Path to MySQL listener certificate.
|
| security.agnos.settings.accounts.*.certificates.*.key_output_file | Output path for the certificate private key
|
| services.unbound.checkconf | Whether to check the resulting config file with unbound checkconf for syntax errors
|
| services.dolibarr.h2o.tls.identity.*.certificate-file | Path to certificate file
|
| services.trafficserver.sslMulticert | Configure SSL server certificates to terminate the SSL sessions
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.kubernetes.apiserver.extraSANs | Extra x509 Subject Alternative Names to be added to the kubernetes apiserver tls cert.
|
| services.foundationdb.tls.certificate | Path to the TLS certificate file
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| virtualisation.podman.networkSocket.tls.cacert | Path to CA certificate to use for client authentication.
|
| services.warpgate.settings.postgres.certificate | Path to PostgreSQL listener certificate.
|
| services.bacula-sd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bacula-fd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.grafana.settings.database.ca_cert_path | The path to the CA certificate to use.
|
| services.headscale.settings.tls_cert_path | Path to already created certificate.
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.privoxy.inspectHttps | Whether to configure Privoxy to inspect HTTPS requests, meaning all
encrypted traffic will be filtered as well
|
| services.cloudflared.certificateFile | Account certificate file, necessary to create, delete and manage tunnels
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.cacert | Path to CA bundle file (PEM/X509)
|
| services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.kubernetes.apiserver.kubeletClientCaFile | Path to a cert file for connecting to kubelet.
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.cacert | The certificates may use a relative path from the swanctl
x509ca directory or an absolute path
|
| networking.openconnect.interfaces.<name>.certificate | Certificate to authenticate with.
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.cloudflared.tunnels.<name>.certificateFile | Account certificate file, necessary to create, delete and manage tunnels
|
| services.prometheus.exporters.unbound.unbound.certificate | Path to the Unbound control socket certificate
|
| services.prometheus.remoteRead.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.nextcloud-spreed-signaling.settings.https.certificate | Path to the certificate used for the HTTPS listener
|
| services.prometheus.remoteWrite.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.warpgate.settings.http.sni_certificates | Certificates for additional domains.
|
| security.agnos.settings.accounts.*.certificates.*.fullchain_output_file | Output path for the full chain including the acquired certificate
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert | Section for a CA certificate to accept for authentication
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowAll | If true, allow all clients, do not check client cert subject.
|
| services.warpgate.settings.http.sni_certificates.*.key | Path to private key.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| services.neo4j.directories.certificates | Directory for storing certificates to be used by Neo4j for
TLS connections
|
| services.parsedmarc.settings.elasticsearch.cert_path | The path to a TLS certificate bundle used to verify
the server's certificate.
|
| services.prometheus.scrapeConfigs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.module | Optional PKCS#11 module name.
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.file | Absolute path to the certificate to load
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.grafana.settings.database.server_cert_name | The common name field of the certificate used by the mysql or postgres server
|
| services.strongswan-swanctl.swanctl.connections.<name>.send_cert | Send certificate payloads when using certificate authentication.
- With the default of
ifasked the daemon sends
certificate payloads only if certificate requests have been received.
never disables sending of certificate payloads
altogether,always causes certificate payloads to be sent
unconditionally whenever certificate authentication is used
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert_policy | List of certificate policy OIDs the peer's certificate
must have
|
| services.strongswan-swanctl.swanctl.connections.<name>.send_certreq | Send certificate request payloads to offer trusted root CA certificates to
the peer
|
| services.strongswan-swanctl.swanctl.authorities.<name>.cert_uri_base | Defines the base URI for the Hash and URL feature supported by
IKEv2
|
| services.matrix-synapse.settings.tls_certificate_path | PEM encoded X509 certificate for TLS
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|