security.pki.useCompatibleBundle

Whether to enable usage of a compatibility bundle.

Such a bundle consists exclusively of BEGIN CERTIFICATE blocks and contains no BEGIN TRUSTED CERTIFICATE blocks; the latter is an OpenSSL-specific PEM format.

The BEGIN TRUSTED CERTIFICATE format is known to be incompatible with certain software stacks.

Nevertheless, enabling this will strip all additional trust rules provided by the certificates themselves. This can have security consequences depending on your use cases.

Type
boolean
Default
false
Example
true
Declared
<nixpkgs/nixos/modules/security/ca.nix>
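
To make the stripped trust rules concrete, here is an added example (not the NixOS module's own code) that converts a bundle to the compatible form and returns what is discarded. It relies on OpenSSL's layout, in which a TRUSTED CERTIFICATE block holds the certificate DER followed by an auxiliary trust structure; the function names and the sample bytes are constructed for illustration and the sample is not a real certificate.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ((?:TRUSTED )?CERTIFICATE)-----\s*(.*?)\s*-----END \1-----",
    re.S)

def der_seq_len(data):
    """Total length (header + body) of the DER SEQUENCE at the start of data."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("expected a DER SEQUENCE")
    if data[1] < 0x80:                      # short-form length
        return 2 + data[1]
    n = data[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(data) < 2 + n:
        raise ValueError("bad DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def pem(label, der):
    """Encode DER bytes as a PEM block with the given label."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def to_compatible(bundle):
    """Return (compatible_bundle, dropped): dropped[i] is the aux data cut from block i."""
    out, dropped = [], []
    for _label, body in PEM_RE.findall(bundle):
        der = base64.b64decode("".join(body.split()))
        cert_len = der_seq_len(der)
        if cert_len > len(der):
            raise ValueError("truncated certificate")
        dropped.append(der[cert_len:])      # empty for plain CERTIFICATE blocks
        out.append(pem("CERTIFICATE", der[:cert_len]))
    return "".join(out), dropped

# Constructed sample: a placeholder SEQUENCE standing in for a certificate, and
# an aux structure whose trust list holds the serverAuth OID 1.3.6.1.5.5.7.3.1.
FAKE_CERT = b"\x30\x82\x01\x00" + bytes(256)
AUX_SERVER_AUTH = bytes.fromhex("300c300a06082b06010505070301")
SAMPLE = pem("CERTIFICATE", FAKE_CERT) + pem("TRUSTED CERTIFICATE", FAKE_CERT + AUX_SERVER_AUTH)

if __name__ == "__main__":
    compat, dropped = to_compatible(SAMPLE)
    print(compat.count("BEGIN CERTIFICATE"), "blocks;", [len(d) for d in dropped], "aux bytes dropped")
```

A non-empty entry in `dropped` marks a certificate whose usage restrictions would no longer be visible to software reading the compatible bundle.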