Skip to main content

PKI Certificate Parameters

Combine's PKI certificate settings — such as key size, signing algorithm, and certificate encryption — can be customized through Combine Configuration.

These settings can also be configured from the TAP Dashboard under Settings > PKI Certificates.

Certificate Key and Signing Options

Parameter NameExample ValueDescription
combine.tap.certificates.key.size2048, 4096RSA key size in bits for generated certificates
combine.tap.certificates.hash.algorithmSHA256withRSASigning algorithm used for certificate generation

Certificate Encryption

User and server certificate private keys can optionally be encrypted at rest:

Parameter NameValueDescription
combine.tap.certificates.user.key.encryptedtrue / falseWhen true, encrypts the private key in user certificates
combine.tap.certificates.server.key.encryptedtrue / falseWhen true, encrypts the private key in server certificates

Custom DNS Names

Additional DNS Subject Alternative Names (SANs) can be added to TAP and Endpoints certificates to support custom DNS zones or external access:

Parameter NameValueDescription
combine.tap.certificates.dns.tap.customComma-separated DNS namesAdditional DNS SANs added to the TAP server certificate
combine.tap.certificates.dns.endpoints.customComma-separated DNS namesAdditional DNS SANs added to the Endpoints server certificate
combine.tap.certificates.dns.tap.directAccessComma-separated DNS namesDirect-access DNS names for the TAP server
combine.tap.certificates.dns.endpoints.directAccessComma-separated DNS namesDirect-access DNS names for Endpoints servers
combine.tap.certificates.dns.tap.directAccess.externalComma-separated DNS namesExternal DNS names for TAP direct access
combine.tap.certificates.dns.endpoints.directAccess.externalComma-separated DNS namesExternal DNS names for Endpoints direct access

Setting Configuration Values

All configuration values above are set in the Combine Configuration DynamoDB table (combine-configuration). See Edit Combine Configuration Values for instructions.

NOTE: Changes to certificate parameters require a certificate rebuild to take effect. Contact your Combine Support Team for assistance with certificate rotation.