rpms/httpd
7
0
Fork 0
Code Issues Pull Requests Releases Activity
544 Commits 12 Branches 73 Tags 10 MiB
584830e35e
Commit Graph

5 Commits

Author SHA1 Message Date
Joe Orton
10e930c744 better error handling in httpd-ssl-gencerts (#1494556) 
Resolves: rhbz#1494556
 2017-10-03 10:04:03 +01:00
Stephen Gallagher
2038991f8c Handle edge-cases in gencerts 
Make sure that we exit with success if the files already exist and
that we exit with failure and a message if only one or the other
is present.
 2017-10-03 10:04:03 +01:00
Stephen Gallagher
76ede692d8 Require sscg 2.2.0 for creating service and CA certificates together 
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
 2017-10-03 10:04:03 +01:00
Joe Orton
45393c8877 use sscg defaults; append CA cert to generated cert 
document httpd-init.service in httpd-init.service(8)
 2017-10-03 10:04:03 +01:00
Stephen Gallagher
f0c4143d98 Generate SSL keys on service start 
This defers the creation of self-signed SSL certificates to the
first time that httpd starts up. This has several advantages:

* Waiting until the first boot will help avoid some issues with
  limited entropy in the install process.
* The certificates can be regenerated automatically whenever they
  are removed, which helps with tools such as virt-sysprep
* The certificates are now generated by SSCG, which produces a
  limited-trust CA alongside it that can be safely imported by a
  client.

For more information on SSCG, see:
https://sgallagh.wordpress.com/2016/05/02/self-signed-ssltls-certificates-why-they-are-terrible-and-a-better-alternative/

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
 2017-10-03 10:04:03 +01:00