Skip to main content

Configuration

Configure the probe

reBop probe configuration is set in the config.yml file in the config folder.

# reBop probe configuration

# reBop User configuration
user:
  rebopapikey: ""

# reBop server
rebopserver:
  proto: "https"
  host: "api.rebop.io"
  port: "443"

# ACME Certificate Authority Configuration
acme:
  cadirurl: ""
  useremail: ""
  hostname: ""

# local cache database
probe:
  filedb: "./reBop-probe.db"

Api Key

Business subscription subscription required

When providing a valid Api Key rebopapikey in the config file, reBop probe is able to authenticate to reBop server specified in the config file under rebopserver in order to automatically send discovered certificates and associated metadata.

reBop server

Business subscription subscription required

reBop server endpoint must be filled in order for the probe to send its result to reBop.

  • proto can be https or http.
  • host is reBop FQDN.
  • port is the TCP port reBop server listens to.
info

As reBop can also be installed on premise, rebopserver can be configured to an internal domain or IP address running reBop.

ACME configuration

reBop probe implements ACME. ACME or Automated Certificate Management Environment is a protocol enabling automatic issuance and renewal of certificates, all without human interaction. This protocol is used between reBop probe and a Certificate Authority (CA) supporting ACME to request and renew domain validated (DV) certificates.

  • cadirurl is the ACME PKI endpoint URL.
  • useremail is the email adress used to register to the PKI.
  • hostname is the FQDN you request a certificate for.
tip

As of v1 reBop probe only implements HTTP (TCP port 80) and HTTPS (TCP port 443) resolver to prove ownership of the claimed domain name to the ACME PKI. You need to execute the probe with administrative privileges.

Local cache database

reBop stores already scanned certificates and path in a local database file. Every time the probe runs, it excludes already scanned certificates from the output file.
This local database only includes certificate and file path hash, not the certificates themselves.

tip

If you need to rescan your local filesystem, just delete the local cache file and run the probe.