> For the complete documentation index, see [llms.txt](https://docs.scepman.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.scepman.com/scepman-configuration/application-settings/csr-validation.md). # Certificate Master {% hint style="warning" %} SCEPman Enterprise Edition only {% endhint %} {% hint style="info" %} These settings should only be applied to the SCEPman App Service, not the Certificate Master. Please refer to [SCEPman Settings](/scepman-configuration/application-settings.md). {% endhint %} ## AppConfig:CertMaster:URL *Linux: AppConfig\_\_CertMaster\_\_URL* **Value:** The URL of your SCEPman Certificate Master App Service **Description:** Your Certificate Master service is linked to on the SCEPman Homepage using the URL configured here. The SCEPman PowerShell module also uses this value during updates or re-configurations to link together SCEPman and its corresponding Certificate Master instance. ## AppConfig:DirectCSRValidation:Enabled *Linux: AppConfig\_\_DirectCSRValidation\_\_Enabled* **Value:** *true* or *false* **Description:** This endpoint is required for the Certificate Master component. You must set this to *true* to use Certificate Master. Only Certificate Master is allowed to submit requests via this endpoint. ## AppConfig:DirectCSRValidation:DefaultEkus *Linux: AppConfig\_\_DirectCSRValidation\_\_DefaultEkus* **Value:** ClientAuthentication (or other EKUs) **Description:** This setting defines the default EKUs to be used for CSR signing when the CSR does not specify any. If the CSR includes its own EKU(s), this setting will be ignored. Multiple EKUs can be specified, separated by commas. ## AppConfig:DirectCSRValidation:ValidityPeriodDays *Linux: AppConfig\_\_DirectCSRValidation\_\_ValidityPeriodDays* **Value:** Positive *Integer* **Description:** This setting further reduces the global ValidityPeriodDays for the CSR endpoint. For example, you may define a value like 365 days here and set the global AppConfig:ValidityPeriodDays to 730. Then, certificates issued through Certificate Master will have one year validity, while certificates issued through other endpoints may be valid up to two years. Usually, though, you will not configure anything here and instead reduce the validity for other endpoints, because server certificates from internal PKIs usually have a longer validity then client certificates. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.scepman.com/scepman-configuration/application-settings/csr-validation.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.