From a6ec68e80ffbb6b653c4451b7e8429ec814c1dc2 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Wed, 19 Jan 2022 20:18:46 +0100
Subject: [PATCH] [WebAuthn] update mailcow.conf

---
 generate_config.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/generate_config.sh b/generate_config.sh
index 67ff3acf..99c499d0 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -344,6 +344,23 @@ DOVECOT_MASTER_PASS=
 # https://mailcow.github.io/mailcow-dockerized-docs/debug-reset_tls/
 ACME_CONTACT=
 
+# Disable including device root ca's for WebAuthn
+# setting WEBAUTHN_DISABLE_ROOTCA=y will allow you to use Fido2 devices from untrusted Manufacturers
+# It will solve "Error: invalid root certificate" at TFA device registration
+# Suported devices are 
+#   solo certified
+#   apple certified
+#   nitro certified
+#   yubico certified
+#   hypersecu certified
+#   globalSign certified
+#   googleHardware certified
+#   microsoftTpmCollection certified
+#   huawei certified
+#   trustkey certified
+#   bsi certified
+WEBAUTHN_DISABLE_ROOTCA=
+
 EOF
 
 mkdir -p data/assets/ssl