diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-20 14:34:42 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-20 14:34:42 +0000 |
commit | 9f46488805e86b1bc341ea1620b866016c2ce5ed (patch) | |
tree | f9748c7e287041e37d6da49e0a29c9511dc34768 /doc/administration/smime_signing_email.md | |
parent | dfc92d081ea0332d69c8aca2f0e745cb48ae5e6d (diff) | |
download | gitlab-ce-9f46488805e86b1bc341ea1620b866016c2ce5ed.tar.gz |
Add latest changes from gitlab-org/gitlab@13-0-stable-ee
Diffstat (limited to 'doc/administration/smime_signing_email.md')
-rw-r--r-- | doc/administration/smime_signing_email.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/administration/smime_signing_email.md b/doc/administration/smime_signing_email.md index ed7447c0da9..bab7c5c260d 100644 --- a/doc/administration/smime_signing_email.md +++ b/doc/administration/smime_signing_email.md @@ -18,6 +18,9 @@ files must be provided: intervention. - Only RSA keys are supported. +Optionally, you can also provide a bundle of CA certs (PEM-encoded) to be +included on each signature. This will typically be an intermediate CA. + NOTE: **Note:** Be mindful of the access levels for your private keys and visibility to third parties. @@ -29,6 +32,8 @@ third parties. gitlab_rails['gitlab_email_smime_enabled'] = true gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key' gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt' + # Optional + gitlab_rails['gitlab_email_smime_ca_certs_file'] = '/etc/gitlab/ssl/gitlab_smime_cas.crt' ``` 1. Save the file and [reconfigure GitLab](restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. @@ -49,6 +54,9 @@ NOTE: **Note:** The key needs to be readable by the GitLab system user (`git` by # S/MIME public certificate key in PEM format, will be attached to signed messages # Default is '.gitlab_smime_cert' relative to Rails.root (i.e. root of the GitLab app). cert_file: /etc/pki/smime/certs/gitlab.crt + # S/MIME extra CA public certificates in PEM format, will be attached to signed messages + # Optional + ca_certs_file: /etc/pki/smime/certs/gitlab_cas.crt ``` 1. Save the file and [restart GitLab](restart_gitlab.md#installations-from-source) for the changes to take effect. |