Available technical configuration parameters

Protocol to use to calculate the ACME base URL if there isn’t any X-Forwarded-Proto nor X-Forwarded-Host in the header of the request

Prefix used to calculate the ACME base URL

Defines whether Horizon should behave like the Boulder ACME implementation (if set to false, Horizon will strictly follow the RFC). Only applicable if horizon.acme.http.json.prettify is set to "true"

Whether the ACME API can be used with GET requests instead of POST ones

Maximum configurable timeout in the ACME profiles

Maximum configurable delay in the ACME profiles

Maximum configurable retry count in the ACME profiles

Number of instances that will be started for each Horizon node to perform the ACME validation

Order time to live

Number of instances that will be started for each Horizon node to perform the ACME validation

Acme challenge size

Http response as sent as prettyfied json

Interval at which authorization validation is checked against the ACME server

Max delay before validation check against the ACME server is abandoned

Initial delay before starting validation check against the ACME server

Interval at which order status is checked against the ACME server

Max delay before order retrieval against the ACME server is abandoned

The timeout for requests to the event analytics actor

Interval at which the events are synchronized

Enable event analytics

The timeout for requests to the discovery event analytics actor

Interval at which the discovery events are synchronized

Enable discovery event analytics

The timeout for requests to the certificate analytics actor

Enable certificate analytics

The url to the analytics database. Should start with jdbc:duckdb: followed by the absolute path of the file.

The thread pool size for the analytics operations. Should be equal to ((physical_core_count * 2) + effective_spindle_count)

The memory limit to set to the duck db analytics database

How long the authentication cache lasts

Default administrator account name

Default administrator account display name

Relative path of the file where the initial admin password should be stored into

Length (in bytes) of the initial admin password

Default administrator account identity provider to use

Duration after which the bootstrap of Horizon times out

Default idle time after which a CA crl is removed from cache

Duration that the CA manager actor will wait to retrieve information about certificates (trust status, trust chain, …​)

Maximum configurable timeout for CRL/OCSP request for a CA

Maximum configurable refresh for a CA’s CRL

The CSV delimiter to use when exporting an HRQL query result to a CSV file

The CSV delimiter to use when exporting an HEQL query result to a CSV file

The CSV delimiter to use when exporting an HDQL query result to a CSV file

The CSV item attribute separator to use when exporting an HCQL query result to a CSV file

The CSV item separator to use when exporting an HCQL query result to a CSV file

The CSV delimiter to use when exporting an HCQL query result to a CSV file

Name of the HTTP header containing the certificate

Maximum time allowed for security principals search operations. For infinite timeout, use 0s

Maximum time allowed for request search and aggregate operations. For infinite timeout, use 0s

Maximum time allowed for event search operations. For infinite timeout, use 0s

Maximum time allowed for discovery event search and aggregate operations. For infinite timeout, use 0s

Maximum time allowed for certificate search and aggregate operations. For infinite timeout, use 0s

Time to live of the discovery events. If not set, events never expire

Time to live of the events. If not set, events never expire

Specify whether to chain and sign the Horizon events to ensure they haven’t been tampered with

Algorithm to use to hash the signature of the events in Horizon (other possible values are "HS384" and "HS256")

Secret to seal the events with

Do not throw an error if pending events are unsealed

Duration after which the event manager times out when trying to retrieve the last signed event in the database

How often will the Event Manager actor check in the database if new a new event appeared to sign it and display it in the "Events" section of Horizon

Difference of time allowed between the "Issued At Time" and the validation time (or the server time) (in the future only)

Difference of time allowed between the "Issued At Time" and the validation time (or the server time) (in the past only)

Difference of time allowed between the client time and the server time

Time to live of a password reset request (from the login prompt)

If set to true, enforces the use of the serverAuth EKU in the server authentication certificates (when Horizon accesses a service through TLS)

Duration after which the security manager times out when trying to authenticate a principal with its session

Default grace period for all requests

Default duration for all requests

Number of revocation requests downloaded from Intune

Limited to 500 max

Default timeout for REST requests for the REST datasource

Duration after which the Scheduler manager actor times out when retrieving scheduled tasks in the database

File extension that DER certificates sent as email attachments (through the notifications feature) will be given

File extension that PKCS#7 certificates sent as email attachments (through the notifications feature) will be given

File extension that PEM certificates sent as email attachments (through the notifications feature) will be given

Maximum recursion allowed for the HQL queries

Timeout for the system monitor loading

Number of certificates per batch when Horizon synchronizes the database with the CRL or update the cached entries

The refresh interval between CRL synchronizations

Timeout for the synchronizer actor

Timeout for thirdparty synchronization requests

Maximum configurable timeout on the PKI connectors

Duration after which the PKI Manager times out when trying to enroll or revoke a certificate

Number of parallel certificate requests (enrollment, revocation…) on the default queue

Number of certificate requests (enrollment, revocation) that can be queued on the default queue

Interval at which the PKI connectors statuses are checked

Hide the start-up banner

Default store encryption type to use when sending centralized EST responses

Choose whether or not scim discovery endpoints are authenticated

Default key type used for automation when none are specified in the profile

Custom endpoint configuration

Default allowed domains: a regular expression that the dns or email domains should match

Default allowed email domains: a regular expression that the email domains should match (after the @)

Default allowed dns domains: a regular expression that the dns domains should match

Duration after which the grading manager times out when retrieving the grading configuration from the database

How large can the grading manager queue can get before it discards new grading requests

Duration after which the grading actor times out when grading a certificate (upon enrolment)

Defines whether HTTP connections should remain open

Name of the HTTP header to use as Real IP

Name of the HTTP header containing the scheme requested - used for ACME

Name of the HTTP header containing the host requested - used for ACME

Enable advanced metrics for collection

Interval at which short lived metrics are computed

Interval at which background metrics are computed

Size of the nonce value used for the JWT authentication token

Time to live of the nonce used to validate the JWT authentication token

Size (in bytes) of the challenge stored in the nonce

Duration for which a nonce stays in Horizon before being removed

Size (in bytes) of the challenge stored in the nonce

Duration for which a nonce stays in Horizon before being removed

Size (in bytes) of the challenge stored in the nonce

Duration for which a nonce stays in Horizon before being removed

Separator character of the OpenID state

How many elements to retrieve in a security principals search query if no pageSize has been specified

How big can the pageSize parameter be in a security principals search query (Must be a positive integer)

How many elements to retrieve in a request search query if no pageSize has been specified

How big can the pageSize parameter be in a request search query (Must be a positive integer)

How many elements to retrieve in an event search query if no pageSize has been specified

How big can the pageSize parameter be in an event search query (Must be a positive integer)

How many elements to retrieve in a request search query if no pageSize has been specified

How big can the pageSize parameter be in a request search query (Must be a positive integer)

How many elements to retrieve in a request search query if no pageSize has been specified

How big can the pageSize parameter be in a request search query (Must be a positive integer)

How long must a trigger that fails for the first time wait before retrying

Maximum amount of failed attempts that a trigger can have before canceling

Trigger manager timeout

How often does the trigger manager check for triggers to run

The name of the escrow vault

The name of the configuration vault

The name of the transient vault

Timeout for encryption requests