Configure SSLMate (for advanced users)
The sslmate command is configured by the
.sslmate file in your home directory (you can create this file if it doesn't exist yet). This file contains one configuration option per line of the form
NAME VALUE. Blank lines and lines starting with
# are ignored.
The options are:
api_key– your API key, which can be found on your account page. This option is automatically set when you run
cert_directory– the directories where SSLMate places keys and certificates. When running as root, the default is
/etc/sslmate. When running as non-root, the default is the current working directory.
cert_format.NAME– enable (by setting to "yes") or disable (by setting to "no") the given certificate format, where NAME is one of the following formats:
chained– a concatenation of the certificate and intermediate certificate chain, in PEM encoding. (Enabled by default.)
combined– a concatenation of the private key, certificate, and intermediate certificate chain, in PEM encoding.
p12– a PKCS#12 (also known as PFX) file containing the private key, certificate, and intermediate certificate chain. The password for the file is
jks– a Java keystore file containing the private key, certificate, and intermediate certificate chain. The password for the file is
root– the root certificate, in PEM encoding.
chain+root– the intermediate certificate chain, including the root certificate, in PEM encoding.
wildcard_filename– when creating files for wildcard certificates, use the specified prefix in the filename instead of a * character.
key_type– the type of key to generate by default when buying or reissuing a certificate ("rsa" or "ecdsa"). You should leave this set to the default (RSA) unless you know what you are doing. Consult the
sslmate(1)man page for more information.
api_endpoint– the URL to the SSLMate API endpoint. You only need to set this option if you are using the sandbox.
Example Config File
# This is a comment. api_key 131_4Hhw7TekU2LwhglRdHHm # Also create PKCS#12 and "combined" files: cert_format.p12 yes cert_format.combined yes # Use "wildcard" instead of "*" in wildcard cert filenames: wildcard_filename wildcard
SSLMate also reads
/etc/sslmate.conf if present. Options in
~/.sslmate override options from
You can specify a non-default configuration profile by passing the
--profile=PROFILE flag to
sslmate. If this flag is specified, the string
-PROFILE is appended to the paths of the configuration file and default key and certificate directories.
For example, if
--profile=company is used, the global configuration
/etc/sslmate-company.conf and the default certificate
/etc/sslmate-company, instead of
Configuration profiles are intended for those who need to use several different SSLMate accounts on a single server, since each configuration file can contain distinct SSLMate API credentials.
Note: this documentation applies to version 1.0 and up of the sslmate client.