From 8b5a65ae18ca81f654dc86b88e1a588f6ffc8033 Mon Sep 17 00:00:00 2001
From: Lazlo Westerhof
Date: Thu, 11 Jan 2024 16:51:17 +0100
Subject: [PATCH] YDA-5395: Apache 2.4.6 needs a separate certificate chain file
---
 roles/yoda_external_user_service/defaults/main.yml | 2 ++
 .../templates/yoda-external-user-service-vhost.conf.j2 | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/roles/yoda_external_user_service/defaults/main.yml b/roles/yoda_external_user_service/defaults/main.yml
index 898b76511..12fa3121b 100644
--- a/roles/yoda_external_user_service/defaults/main.yml
+++ b/roles/yoda_external_user_service/defaults/main.yml
@@ -43,4 +43,6 @@ eus_mail_template: uu
 openssl_private_dir: '/etc/pki/tls/private'
 openssl_certs_dir: '/etc/pki/tls/certs'
 openssl_key_signed: localhost.key
+openssl_crt_signed: localhost.crt
 openssl_crt_signed_and_chain: localhost_and_chain.crt
+openssl_chain: chain.crt
diff --git a/roles/yoda_external_user_service/templates/yoda-external-user-service-vhost.conf.j2 b/roles/yoda_external_user_service/templates/yoda-external-user-service-vhost.conf.j2
index 886b265cb..66de09b25 100644
--- a/roles/yoda_external_user_service/templates/yoda-external-user-service-vhost.conf.j2
+++ b/roles/yoda_external_user_service/templates/yoda-external-user-service-vhost.conf.j2
@@ -75,7 +75,8 @@ Listen {{ eus_api_port }}
 # the certificate is encrypted, then you will be prompted for a
 # pass phrase. Note that a kill -HUP will prompt again. A new
 # certificate can be generated using the genkey(1) command.
- SSLCertificateFile {{ openssl_certs_dir }}/{{ openssl_crt_signed_and_chain }}
+ SSLCertificateFile {{ openssl_certs_dir }}/{{ openssl_crt_signed }}
+ SSLCertificateChainFile {{ openssl_certs_dir }}/{{ openssl_chain }}
 
 # Server Private Key:
 # If the key is not combined with the certificate, use this
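Review bot: Inventories that currently override only `openssl_crt_signed_and_chain` will stop influencing the EUS vhost once this lands, because the template hunk in the same patch reads the two new defaults `openssl_crt_signed` and `openssl_chain` instead. On such hosts Apache would load `localhost.crt` and `chain.crt` from `openssl_certs_dir` rather than the operator's certificate, or refuse to start if those files are absent. The new variables are also undocumented, so I would add a comment above them in defaults/main.yml such as `# EUS vhost (Apache 2.4.6): leaf certificate and intermediate chain are separate files; the vhost template no longer reads openssl_crt_signed_and_chain`. Whether `openssl_crt_signed_and_chain` is still referenced elsewhere in the role is not visible in this patch; if it is not, it should presumably be marked deprecated rather than left as a silent no-op.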
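Review bot: `SSLCertificateChainFile` is emitted unconditionally on the added line after `SSLCertificateFile`, but the directive is deprecated from Apache 2.4.8 onward, where `SSLCertificateFile` itself accepts the intermediate certificates. A comment above the new directive would record why it is there, e.g. `# Apache < 2.4.8 cannot read intermediates from SSLCertificateFile; this file must hold only the intermediate CA certificates`. Nothing in the patch shows `{{ openssl_certs_dir }}/{{ openssl_chain }}` being installed, so it is worth confirming that the deploy tasks place it and that the served chain is complete after rollout, for instance with `openssl s_client -connect HOST:PORT -showcerts` (placeholders). The enclosing virtual host block starts and ends outside this hunk.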