diff options
author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-05-16 16:38:35 +0300 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-05-17 12:27:00 +0300 |
commit | 6bb2d9e5f82c57d708bff1d3c2bfb0c18dcec1d3 (patch) | |
tree | 16ec3578751ea9fcc375a3b88f7595ff13273599 /puppet | |
parent | 30bd4f5189087b2cabc2129da512895011cac88f (diff) |
TLS-everywhere: Configure CA for apache
This tells apache which CA certificate was used to sign the certs it's
using. this setting is useful in case we want to enable OCSP stapling or
client authentication via TLS.
Change-Id: I97a7e5332aea8377c7662ca98beb71ed5e236640
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/services/apache.yaml | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index f3021060..12ecc7b5 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -38,6 +38,11 @@ parameters: EnableInternalTLS: type: boolean default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. conditions: @@ -88,6 +93,7 @@ outputs: - internal_tls_enabled - generate_service_certificates: true + apache::mod::ssl::ssl_ca: {get_param: InternalTLSCAFile} tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd' tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd' apache_certificates_specs: |