Changeset 1768


Ignore:
Timestamp:
Jan 2, 2011, 8:12:11 PM (13 years ago)
Author:
geofft
Message:
Rename current scripts.key to scripts-1024.key.

* httpd.conf: Default to scripts-1024.key for now.
* Blue Sun vhosts: Refer to scripts.key instead of scripts-new.key.
* reify-vhost: Add SSLCertificateKeyFile scripts.key for now for
  newly-reified vhosts, and a comment about what we're doing.

Location:
trunk/server/fedora/config/etc/httpd
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/server/fedora/config/etc/httpd/conf/httpd.conf

    r1732 r1768  
    326326    SSLCryptoDevice builtin
    327327    SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
    328     SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
     328    SSLCertificateKeyFile /etc/pki/tls/private/scripts-1024.key
    329329    SSLCACertificateFile /etc/pki/tls/certs/ca.pem
    330330    SSLVerifyClient none
  • trunk/server/fedora/config/etc/httpd/vhosts.d/finance.blue-sun-corp.com.conf

    r1766 r1768  
    1919                Include conf.d/vhosts-common-ssl.conf
    2020                SSLCertificateFile /etc/pki/tls/certs/blue-sun-corp.com.pem
    21                 SSLCertificateKeyFile /etc/pki/tls/private/scripts-new.key
     21                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
    2222        </VirtualHost>
    2323        <VirtualHost *:444>
     
    3030                Include conf.d/vhosts-common-ssl-cert.conf
    3131                SSLCertificateFile /etc/pki/tls/certs/blue-sun-corp.com.pem
    32                 SSLCertificateKeyFile /etc/pki/tls/private/scripts-new.key
     32                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
    3333        </VirtualHost>
    3434</IfModule>
  • trunk/server/fedora/config/etc/httpd/vhosts.d/music.blue-sun-corp.com.conf

    r1766 r1768  
    1919                Include conf.d/vhosts-common-ssl.conf
    2020                SSLCertificateFile /etc/pki/tls/certs/blue-sun-corp.com.pem
    21                 SSLCertificateKeyFile /etc/pki/tls/private/scripts-new.key
     21                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
    2222        </VirtualHost>
    2323        <VirtualHost *:444>
     
    3030                Include conf.d/vhosts-common-ssl-cert.conf
    3131                SSLCertificateFile /etc/pki/tls/certs/blue-sun-corp.com.pem
    32                 SSLCertificateKeyFile /etc/pki/tls/private/scripts-new.key
     32                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
    3333        </VirtualHost>
    3434</IfModule>
  • trunk/server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py

    r1449 r1768  
    1212#
    1313# Geoffrey Thomas <geofft@mit.edu>, 2008, public domain.
     14
     15# Note: As of 1/2011 we are inserting SSLCertificateKeyFile into reified
     16# hosts, because previously-acqured certificates were signed with an
     17# older (1024-bit) key. Sometime around 2014 when our last cert with
     18# this key expires, we can update /etc/httpd/conf/httpd.conf to point to
     19# the current key instead of the old one, and stop inserting this into
     20# individual vhost records. -geofft
    1421
    1522import ldap
     
    5663                Include conf.d/vhosts-common-ssl.conf
    5764                SSLCertificateFile /etc/pki/tls/certs/%(hname)s.pem
     65                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
    5866        </VirtualHost>
    5967        <VirtualHost *:444>
     
    6674                Include conf.d/vhosts-common-ssl-cert.conf
    6775                SSLCertificateFile /etc/pki/tls/certs/%(hname)s.pem
     76                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
    6877        </VirtualHost>
    6978</IfModule>""" % {
  • trunk/server/fedora/config/etc/httpd/vhosts.d/trac.blue-sun-corp.com.conf

    r1766 r1768  
    1919                Include conf.d/vhosts-common-ssl.conf
    2020                SSLCertificateFile /etc/pki/tls/certs/blue-sun-corp.com.pem
    21                 SSLCertificateKeyFile /etc/pki/tls/private/scripts-new.key
     21                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
    2222        </VirtualHost>
    2323        <VirtualHost *:444>
     
    3030                Include conf.d/vhosts-common-ssl-cert.conf
    3131                SSLCertificateFile /etc/pki/tls/certs/blue-sun-corp.com.pem
    32                 SSLCertificateKeyFile /etc/pki/tls/private/scripts-new.key
     32                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
    3333        </VirtualHost>
    3434</IfModule>
Note: See TracChangeset for help on using the changeset viewer.