manage the certificate used for default connexion too, since that's the one that xymon check for expiry ( and that's also what openssl does ). Probably a issue with SNI, didn't look more in details for tonight

author: Michael Scherer <misc@mageia.org> 2012-03-17 01:25:04 +0000
committer: Michael Scherer <misc@mageia.org> 2012-03-17 01:25:04 +0000
commit: 7ed1d3f2aae7d4ed9d72688f13289e0cbb1270ae (patch)
tree: b6eaf73cbf01324483caeb9f9e6ddaaaff725795 /modules/apache
parent: 5e62738ef5aa7da16f2f0a6a2933d81261a8f9a0 (diff)
download: puppet-7ed1d3f2aae7d4ed9d72688f13289e0cbb1270ae.tar
puppet-7ed1d3f2aae7d4ed9d72688f13289e0cbb1270ae.tar.gz
puppet-7ed1d3f2aae7d4ed9d72688f13289e0cbb1270ae.tar.bz2
puppet-7ed1d3f2aae7d4ed9d72688f13289e0cbb1270ae.tar.xz
puppet-7ed1d3f2aae7d4ed9d72688f13289e0cbb1270ae.zip
2 files changed, 7 insertions, 2 deletions
diff --git a/modules/apache/manifests/init.pp b/modules/apache/manifests/init.pp
index e6557211..d1bddc4b 100644
--- a/modules/apache/manifests/init.pp
+++ b/modules/apache/manifests/init.pp
@@ -62,6 +62,11 @@ class apache {
             ensure => directory
         }
 
+        openssl::self_signed_cert{ 'localhost':
+            directory => '/etc/ssl/apache/',
+            before => Apache::Config['/etc/httpd/conf/vhosts.d/01_default_ssl_vhost.conf'],
+        }
+ 
         package { "apache-mod_ssl": }
 
         apache::config {
diff --git a/modules/apache/templates/01_default_ssl_vhost.conf b/modules/apache/templates/01_default_ssl_vhost.conf
index d096c5db..d2aa9f94 100644
--- a/modules/apache/templates/01_default_ssl_vhost.conf
+++ b/modules/apache/templates/01_default_ssl_vhost.conf
@@ -42,8 +42,8 @@ SSLCertificateKeyFile /etc/ssl/wildcard.<%= domain %>.key
 SSLCACertificateFile /etc/ssl/wildcard.<%= domain %>.pem
 SSLVerifyClient None
 <%- else -%>
-SSLCertificateFile /etc/pki/tls/certs/localhost.crt
-SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+SSLCertificateFile    /etc/ssl/apache/localhost.pem
+SSLCertificateKeyFile /etc/ssl/apache/localhost.pem
 #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
 #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
 <%- end -%>
author	Michael Scherer <misc@mageia.org>	2012-03-17 01:25:04 +0000
committer	Michael Scherer <misc@mageia.org>	2012-03-17 01:25:04 +0000
commit	7ed1d3f2aae7d4ed9d72688f13289e0cbb1270ae (patch)
tree	b6eaf73cbf01324483caeb9f9e6ddaaaff725795 /modules/apache
parent	5e62738ef5aa7da16f2f0a6a2933d81261a8f9a0 (diff)
download	puppet-7ed1d3f2aae7d4ed9d72688f13289e0cbb1270ae.tar puppet-7ed1d3f2aae7d4ed9d72688f13289e0cbb1270ae.tar.gz puppet-7ed1d3f2aae7d4ed9d72688f13289e0cbb1270ae.tar.bz2 puppet-7ed1d3f2aae7d4ed9d72688f13289e0cbb1270ae.tar.xz puppet-7ed1d3f2aae7d4ed9d72688f13289e0cbb1270ae.zip