TLS-everywhere: Configure CA for apache
This tells apache which CA certificate was used to sign the certs it's using. this setting is useful in case we want to enable OCSP stapling or client authentication via TLS. Change-Id: I97a7e5332aea8377c7662ca98beb71ed5e236640
This commit is contained in:
parent
30bd4f5189
commit
6bb2d9e5f8
|
@ -38,6 +38,11 @@ parameters:
|
|||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
InternalTLSCAFile:
|
||||
default: '/etc/ipa/ca.crt'
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
|
||||
conditions:
|
||||
|
||||
|
@ -88,6 +93,7 @@ outputs:
|
|||
- internal_tls_enabled
|
||||
-
|
||||
generate_service_certificates: true
|
||||
apache::mod::ssl::ssl_ca: {get_param: InternalTLSCAFile}
|
||||
tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
|
||||
tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
|
||||
apache_certificates_specs:
|
||||
|
|
Loading…
Reference in New Issue