Drop all use of SSLCertificateChainFile in apache configs

author Tom Hughes <tom@compton.nu>

Sun, 12 Feb 2017 14:41:42 +0000 (14:41 +0000)

committer Tom Hughes <tom@compton.nu>

Sun, 12 Feb 2017 14:41:42 +0000 (14:41 +0000)
author Tom Hughes <tom@compton.nu>
Sun, 12 Feb 2017 14:41:42 +0000 (14:41 +0000)
committer Tom Hughes <tom@compton.nu>
Sun, 12 Feb 2017 14:41:42 +0000 (14:41 +0000)
diff --git a/cookbooks/apache/attributes/default.rb b/cookbooks/apache/attributes/default.rb

index ee69042c7039e3ffaa7006d1e336a8d199bc2662..46feacd34cb8124ba8ff94caef08abd87f652a4a 100644 (file)
--- a/cookbooks/apache/attributes/default.rb
+++ b/cookbooks/apache/attributes/default.rb
@@ -29,6 +29,5 @@ default[:apache][:event][:max_connections_per_child] = 0
  default[:apache][:listen_address] = "*"
  
  default[:apache][:ssl][:certificate] = "openstreetmap"
-default[:apache][:ssl][:certificate_chain] = "rapidssl"
  
  default[:apache][:buffered_logs] = true
diff --git a/cookbooks/apache/recipes/ssl.rb b/cookbooks/apache/recipes/ssl.rb

index 3e39410996884c14c8af15304ef5fc39979c8cad..b9b2ca305787173a092101bf8f1714386af46792 100644 (file)
--- a/cookbooks/apache/recipes/ssl.rb
+++ b/cookbooks/apache/recipes/ssl.rb
@@ -18,7 +18,6 @@
  #
  
  certificate = node[:apache][:ssl][:certificate]
-certificate_chain = node[:apache][:ssl][:certificate_chain]
  
  node.default[:ssl][:certificates] = node[:ssl][:certificates] | [certificate]
  
@@ -29,12 +28,11 @@ apache_module "ssl"
  
  apache_conf "ssl" do
    template "ssl.erb"
-  variables :certificate => certificate, :certificate_chain => certificate_chain
+  variables :certificate => certificate
    notifies :reload, "service[apache2]"
  end
  
  apache = resources("service[apache2]")
  
-apache.subscribes(:restart, "cookbook_file[/etc/ssl/certs/#{certificate_chain}.pem]")
  apache.subscribes(:restart, "file[/etc/ssl/certs/#{certificate}.pem]")
  apache.subscribes(:restart, "file[/etc/ssl/private/#{certificate}.key]")
diff --git a/cookbooks/apache/templates/default/ssl.erb b/cookbooks/apache/templates/default/ssl.erb

index 63f0e21b0de1b3a69a60b3de1fc6fbf7a2841a55..e117eeaeda648c8b0f3fa273684bf9e655b2dae3 100644 (file)
--- a/cookbooks/apache/templates/default/ssl.erb
+++ b/cookbooks/apache/templates/default/ssl.erb
@@ -7,7 +7,6 @@ SSLCipherSuite <%= node[:ssl][:ciphers] -%>
  
  SSLCertificateFile /etc/ssl/certs/<%= @certificate %>.pem
  SSLCertificateKeyFile /etc/ssl/private/<%= @certificate %>.key
-SSLCertificateChainFile /etc/ssl/certs/<%= @certificate_chain %>.pem
  
  SSLUseStapling On
  SSLStaplingResponderTimeout 5
diff --git a/roles/ridley.rb b/roles/ridley.rb

index 7250ce893c72039cc4b74d3331bc10d83813d5b3..13ba3dafd72cc73d2553bf4db136c521f00268ae 100644 (file)
--- a/roles/ridley.rb
+++ b/roles/ridley.rb
@@ -7,8 +7,7 @@ default_attributes(
    },
    :apache => {
      :ssl => {
-      :certificate => "osmfoundation",
-      :certificate_chain => "startcom"
+      :certificate => "osmfoundation"
      }
    },
    :dhcpd => {
author	Tom Hughes <tom@compton.nu>
	Sun, 12 Feb 2017 14:41:42 +0000 (14:41 +0000)
committer	Tom Hughes <tom@compton.nu>
	Sun, 12 Feb 2017 14:41:42 +0000 (14:41 +0000)
cookbooks/apache/attributes/default.rb		patch \| blob \| history
cookbooks/apache/recipes/ssl.rb		patch \| blob \| history
cookbooks/apache/templates/default/ssl.erb		patch \| blob \| history
roles/ridley.rb		patch \| blob \| history