f0c4143d98
This defers the creation of self-signed SSL certificates to the first time that httpd starts up. This has several advantages:

* Waiting until the first boot will help avoid some issues with limited entropy in the install process.
* The certificates can be regenerated automatically whenever they are removed, which helps with tools such as virt-sysprep
* The certificates are now generated by SSCG, which produces a limited-trust CA alongside it that can be safely imported by a client.

For more information on SSCG, see: https://sgallagh.wordpress.com/2016/05/02/self-signed-ssltls-certificates-why-they-are-terrible-and-a-better-alternative/

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
13 lines
317 B
Desktop File
[Unit]
Description=One-time configuration for httpd.service

ConditionPathExists=|!/etc/pki/tls/certs/localhost.crt
ConditionPathExists=|!/etc/pki/tls/certs/localhost-ca.crt
ConditionPathExists=|!/etc/pki/tls/private/localhost.key

[Service]
Type=oneshot
RemainAfterExit=no

ExecStart=/usr/libexec/httpd-ssl-gencerts
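
An added example (not part of the httpd packaging or of this commit): a small Python model of how systemd evaluates the three `ConditionPathExists=|!` lines in the unit above. The `|` prefix makes each one a triggering condition, so the unit starts when any one of the three files is missing; `parse_conditions`, `would_start`, `demo` and the `root` parameter are names assumed for this sketch.

```python
import os
import tempfile

# Unit text copied from the page; only the [Unit] conditions matter here.
UNIT = """\
[Unit]
Description=One-time configuration for httpd.service
ConditionPathExists=|!/etc/pki/tls/certs/localhost.crt
ConditionPathExists=|!/etc/pki/tls/certs/localhost-ca.crt
ConditionPathExists=|!/etc/pki/tls/private/localhost.key
"""

def parse_conditions(unit_text):
    """Return (trigger, negate, path) for each ConditionPathExists= line."""
    out = []
    for line in unit_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or key != "ConditionPathExists":
            continue
        trigger = value.startswith("|")   # "|" must come before "!"
        value = value[1:] if trigger else value
        negate = value.startswith("!")
        value = value[1:] if negate else value
        out.append((trigger, negate, value))
    return out

def would_start(unit_text, root="/"):
    """Apply systemd's rule: every regular condition must hold, and if any
    triggering ("|") conditions exist, at least one of them must hold."""
    regular, triggers = [], []
    for trigger, negate, path in parse_conditions(unit_text):
        # root is a hypothetical knob so the check can run on a scratch tree
        exists = os.path.exists(os.path.join(root, path.lstrip("/")))
        (triggers if trigger else regular).append(exists != negate)
    return all(regular) and (any(triggers) if triggers else True)

def demo():
    """Constructed scenario: full set present, then the key removed."""
    paths = [p for _, _, p in parse_conditions(UNIT)]
    with tempfile.TemporaryDirectory() as root:
        for p in paths:
            full = os.path.join(root, p.lstrip("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        complete = would_start(UNIT, root)      # all three files present
        os.remove(os.path.join(root, paths[2].lstrip("/")))
        key_missing = would_start(UNIT, root)   # private key removed
    return complete, key_missing
```

Because the conditions are ORed, a host where only the key or only the CA certificate has been removed also satisfies them, so the unit's `ExecStart` runs again on the next start.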