YDA-5395: Apache 2.4.6 needs a separate certificate chain file

UtrechtUniversity · Jan 12, 2024 · 8b5a65a · 8b5a65a
1 parent 818cad1
commit 8b5a65a
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/roles/yoda_external_user_service/defaults/main.yml b/roles/yoda_external_user_service/defaults/main.yml
@@ -43,4 +43,6 @@ eus_mail_template: uu
 openssl_private_dir: '/etc/pki/tls/private'
 openssl_certs_dir: '/etc/pki/tls/certs'
 openssl_key_signed: localhost.key
+openssl_crt_signed: localhost.crt
 openssl_crt_signed_and_chain: localhost_and_chain.crt
+openssl_chain: chain.crt
diff --git a/roles/yoda_external_user_service/templates/yoda-external-user-service-vhost.conf.j2 b/roles/yoda_external_user_service/templates/yoda-external-user-service-vhost.conf.j2
@@ -75,7 +75,8 @@ Listen {{ eus_api_port }}
     #   the certificate is encrypted, then you will be prompted for a
     #   pass phrase.  Note that a kill -HUP will prompt again.  A new
     #   certificate can be generated using the genkey(1) command.
-    SSLCertificateFile      {{ openssl_certs_dir }}/{{ openssl_crt_signed_and_chain }}
+    SSLCertificateFile      {{ openssl_certs_dir }}/{{ openssl_crt_signed }}
+    SSLCertificateChainFile {{ openssl_certs_dir }}/{{ openssl_chain }}
 
     #   Server Private Key:
     #   If the key is not combined with the certificate, use this