Commit Graph

4 Commits

Author SHA1 Message Date
Luboš Uhliarik
a97f2e349c prevent sscg writing /dhparams.pem 2023-01-24 16:50:25 +01:00
Joe Orton
41a6265259 Remove condition on localhost-ca.crt, tweak description. 2017-10-03 10:04:03 +01:00
Joe Orton
45393c8877 use sscg defaults; append CA cert to generated cert
document httpd-init.service in httpd-init.service(8)
2017-10-03 10:04:03 +01:00
Stephen Gallagher
f0c4143d98 Generate SSL keys on service start
This defers the creation of self-signed SSL certificates to the
first time that httpd starts up. This has several advantages:

* Waiting until the first boot will help avoid some issues with
  limited entropy in the install process.
* The certificates can be regenerated automatically whenever they
  are removed, which helps with tools such as virt-sysprep
* The certificates are now generated by SSCG, which produces a
  limited-trust CA alongside it that can be safely imported by a
  client.

For more information on SSCG, see:
https://sgallagh.wordpress.com/2016/05/02/self-signed-ssltls-certificates-why-they-are-terrible-and-a-better-alternative/

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2017-10-03 10:04:03 +01:00