# 4) and /etc/httpd/conf (Fedora Core 2). If the API, boot,
# and web servers are all running on the same machine, the web
# server certificate takes precedence.
- for server in API BOOT WWW MONITOR; do
+ for server in API BOOT MONITOR WWW; do
enabled=PLC_${server}_ENABLED
if [ "${!enabled}" != "1" ] ; then
continue
fi
ssl_key=PLC_${server}_SSL_KEY
ssl_crt=PLC_${server}_SSL_CRT
+ ssl_ca_crt=PLC_${server}_CA_SSL_CRT
symlink ${!ssl_crt} /etc/pki/tls/certs/localhost.crt
symlink ${!ssl_key} /etc/pki/tls/private/localhost.key
+ symlink ${!ssl_ca_crt} /etc/pki/tls/certs/server-chain.crt
symlink ${!ssl_crt} /etc/httpd/conf/ssl.crt/server.crt
symlink ${!ssl_key} /etc/httpd/conf/ssl.key/server.key
done
+ # Ensure that the server-chain gets used, as it is off by
+ # default.
+ sed -i -e 's/^#SSLCertificateChainFile /SSLCertificateChainFile /' \
+ /etc/httpd/conf.d/ssl.conf
+
result "$MESSAGE"
;;
esac