|
[main]
|
|
enabled: <%= @repo_auth ? "true" : "false" %>
|
|
log_failed_cert: true
|
|
log_failed_cert_verbose: false
|
|
max_num_certs_in_chain: 100
|
|
# If this is true, the client certificate will be verified by Pulp against the per-repo certificate
|
|
# authorities. If it is false, client certificates will not be checked for signature or expiration.
|
|
# If you don't need per-repo CAs, it is recommended to set this to false and use your web server to
|
|
# check the client certificates against a trusted CA back. Setting this to true will have a negative
|
|
# performance impact, so don't do that unless you need per-repo CAs. It is true by default to
|
|
# maintain backwards compatibility.
|
|
verify_ssl: false
|
|
|
|
[repos]
|
|
cert_location: /etc/pki/pulp/content
|
|
global_cert_location: /etc/pki/pulp/content
|
|
protected_repo_listing_file: /etc/pki/pulp/content/pulp-protected-repos
|
|
|
|
[crl]
|
|
location: /etc/pki/pulp/content
|