Merge "TLS-everywhere: Configure CA for apache"

2017-05-18 13:19:27 +00:00 · 2017-05-18 13:19:27 +00:00 · d0696b9a9b
parent 8a099a91c2 6bb2d9e5f8
commit d0696b9a9b
1 changed files with 6 additions and 0 deletions
--- a/puppet/services/apache.yaml
+++ b/puppet/services/apache.yaml
@ -38,6 +38,11 @@ parameters:
  EnableInternalTLS:
    type: boolean
    default: false
+  InternalTLSCAFile:
+    default: '/etc/ipa/ca.crt'
+    type: string
+    description: Specifies the default CA cert to use if TLS is used for
+                 services in the internal network.

 conditions:

@ -88,6 +93,7 @@ outputs:
            - internal_tls_enabled
            -
              generate_service_certificates: true
+              apache::mod::ssl::ssl_ca: {get_param: InternalTLSCAFile}
              tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
              tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
              apache_certificates_specs: