From 7ed1d3f2aae7d4ed9d72688f13289e0cbb1270ae Mon Sep 17 00:00:00 2001 From: Michael Scherer Date: Sat, 17 Mar 2012 01:25:04 +0000 Subject: manage the certificate used for default connexion too, since that's the one that xymon check for expiry ( and that's also what openssl does ). Probably a issue with SNI, didn't look more in details for tonight --- modules/apache/manifests/init.pp | 5 +++++ modules/apache/templates/01_default_ssl_vhost.conf | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'modules/apache') diff --git a/modules/apache/manifests/init.pp b/modules/apache/manifests/init.pp index e6557211..d1bddc4b 100644 --- a/modules/apache/manifests/init.pp +++ b/modules/apache/manifests/init.pp @@ -62,6 +62,11 @@ class apache { ensure => directory } + openssl::self_signed_cert{ 'localhost': + directory => '/etc/ssl/apache/', + before => Apache::Config['/etc/httpd/conf/vhosts.d/01_default_ssl_vhost.conf'], + } + package { "apache-mod_ssl": } apache::config { diff --git a/modules/apache/templates/01_default_ssl_vhost.conf b/modules/apache/templates/01_default_ssl_vhost.conf index d096c5db..d2aa9f94 100644 --- a/modules/apache/templates/01_default_ssl_vhost.conf +++ b/modules/apache/templates/01_default_ssl_vhost.conf @@ -42,8 +42,8 @@ SSLCertificateKeyFile /etc/ssl/wildcard.<%= domain %>.key SSLCACertificateFile /etc/ssl/wildcard.<%= domain %>.pem SSLVerifyClient None <%- else -%> -SSLCertificateFile /etc/pki/tls/certs/localhost.crt -SSLCertificateKeyFile /etc/pki/tls/private/localhost.key +SSLCertificateFile /etc/ssl/apache/localhost.pem +SSLCertificateKeyFile /etc/ssl/apache/localhost.pem #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt <%- end -%> -- cgit v1.2.1