Commit Graph

5 Commits

Author SHA1 Message Date
Joe Orton
962c800331 better error handling in httpd-ssl-gencerts (#1494556)
Resolves: rhbz#1494556
2017-09-22 15:48:42 +01:00
Stephen Gallagher
eec4cf442f Handle edge-cases in gencerts
Make sure that we exit with success if the files already exist and
that we exit with failure and a message if only one or the other
is present.
2017-09-22 10:37:53 -04:00
Stephen Gallagher
d614e8aa11 Require sscg 2.2.0 for creating service and CA certificates together
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2017-09-21 14:55:16 -04:00
Joe Orton
6a77761740 use sscg defaults; append CA cert to generated cert
document httpd-init.service in httpd-init.service(8)
2017-09-21 16:41:20 +01:00
Stephen Gallagher
180ad320f4 Generate SSL keys on service start
This defers the creation of self-signed SSL certificates to the
first time that httpd starts up. This has several advantages:

* Waiting until the first boot will help avoid some issues with
  limited entropy in the install process.
* The certificates can be regenerated automatically whenever they
  are removed, which helps with tools such as virt-sysprep.
* The certificates are now generated by SSCG, which produces a
  limited-trust CA alongside it that can be safely imported by a
  client.

For more information on SSCG, see:
https://sgallagh.wordpress.com/2016/05/02/self-signed-ssltls-certificates-why-they-are-terrible-and-a-better-alternative/

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2017-09-20 15:00:20 -04:00