[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Letsencrypt PEM files to use for SSL
|
From: |
Gerard Seibert |
|
Subject: |
Letsencrypt PEM files to use for SSL |
|
Date: |
Sun, 4 Nov 2018 14:13:22 +0000 |
I just installed "Monit 5.25.2" on a FreeBSD-11.2 / amd64 machine. The
application is working fine and I have slowly, but surely gotten it
configured. I do have a question though regarding "SSL"
>From the manual, this is a skeleton for the "SET SSL" section:
SSL OPTIONS
Common SSL/TLS options can be set using the following statement and
will apply to all SSL connections made through Monit:
SET <SSL | TLS> [OPTIONS] {
VERSION: <AUTO | SSLV2 | SSLV3 | TLSV1 | TLSV11 | TLSV12 | TLSV13>
VERIFY: <ENABLE | DISABLE>
SELFSIGNED: <ALLOW | REJECT>
CIPHERS: <string>
PEMFILE: <path>
CLIENTPEMFILE: <path>
CACERTIFICATEFILE: <path>
CACERTIFICATEPATH: <path>
}
Now, I am using "letsencrypt" on my machine. I am confused as to what files
go where. Letsencrypt has these files available:
1) cert.pem
2) chain.pem
3) fullchain.pem
4) privkey.pem
I was told that "monit" will not accept the "fullchain.pem" file unless the
"privkey.pem" is added to the top of it.
What I want to know is what keys are used for each of the "PEMFILE",
"CLIENTPEMFILE", and "CACERTIFICATEFILE" file entries. I am using the
"ca-root-nss.crt" file path for the " CACERTIFICATEPATH"; i.e,
"/usr/local/share/certs/ca-root-nss.crt". Also, do I have to all the
"privkey.pem" to the "fullchain.pem" in order for "monit" to accept it?
Thanks!
--
Gerard
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Letsencrypt PEM files to use for SSL,
Gerard Seibert <=