Ignore:
Timestamp:
Jan 2, 2011, 8:12:11 PM (12 years ago)
Author:
geofft
Message:
Rename current scripts.key to scripts-1024.key.

* httpd.conf: Default to scripts-1024.key for now.
* Blue Sun vhosts: Refer to scripts.key instead of scripts-new.key.
* reify-vhost: Add SSLCertificateKeyFile scripts.key for now for
  newly-reified vhosts, and a comment about what we're doing.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py

    r1449 r1768  
    1212#
    1313# Geoffrey Thomas <geofft@mit.edu>, 2008, public domain.
     14
     15# Note: As of 1/2011 we are inserting SSLCertificateKeyFile into reified
     16# hosts, because previously-acqured certificates were signed with an
     17# older (1024-bit) key. Sometime around 2014 when our last cert with
     18# this key expires, we can update /etc/httpd/conf/httpd.conf to point to
     19# the current key instead of the old one, and stop inserting this into
     20# individual vhost records. -geofft
    1421
    1522import ldap
     
    5663                Include conf.d/vhosts-common-ssl.conf
    5764                SSLCertificateFile /etc/pki/tls/certs/%(hname)s.pem
     65                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
    5866        </VirtualHost>
    5967        <VirtualHost *:444>
     
    6674                Include conf.d/vhosts-common-ssl-cert.conf
    6775                SSLCertificateFile /etc/pki/tls/certs/%(hname)s.pem
     76                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
    6877        </VirtualHost>
    6978</IfModule>""" % {
Note: See TracChangeset for help on using the changeset viewer.