Drop all use of SSLCertificateChainFile in apache configs
authorTom Hughes <tom@compton.nu>
Sun, 12 Feb 2017 14:41:42 +0000 (14:41 +0000)
committerTom Hughes <tom@compton.nu>
Sun, 12 Feb 2017 14:41:42 +0000 (14:41 +0000)
cookbooks/apache/attributes/default.rb
cookbooks/apache/recipes/ssl.rb
cookbooks/apache/templates/default/ssl.erb
roles/ridley.rb

index ee69042c7039e3ffaa7006d1e336a8d199bc2662..46feacd34cb8124ba8ff94caef08abd87f652a4a 100644 (file)
@@ -29,6 +29,5 @@ default[:apache][:event][:max_connections_per_child] = 0
 default[:apache][:listen_address] = "*"
 
 default[:apache][:ssl][:certificate] = "openstreetmap"
-default[:apache][:ssl][:certificate_chain] = "rapidssl"
 
 default[:apache][:buffered_logs] = true
index 3e39410996884c14c8af15304ef5fc39979c8cad..b9b2ca305787173a092101bf8f1714386af46792 100644 (file)
@@ -18,7 +18,6 @@
 #
 
 certificate = node[:apache][:ssl][:certificate]
-certificate_chain = node[:apache][:ssl][:certificate_chain]
 
 node.default[:ssl][:certificates] = node[:ssl][:certificates] | [certificate]
 
@@ -29,12 +28,11 @@ apache_module "ssl"
 
 apache_conf "ssl" do
   template "ssl.erb"
-  variables :certificate => certificate, :certificate_chain => certificate_chain
+  variables :certificate => certificate
   notifies :reload, "service[apache2]"
 end
 
 apache = resources("service[apache2]")
 
-apache.subscribes(:restart, "cookbook_file[/etc/ssl/certs/#{certificate_chain}.pem]")
 apache.subscribes(:restart, "file[/etc/ssl/certs/#{certificate}.pem]")
 apache.subscribes(:restart, "file[/etc/ssl/private/#{certificate}.key]")
index 63f0e21b0de1b3a69a60b3de1fc6fbf7a2841a55..e117eeaeda648c8b0f3fa273684bf9e655b2dae3 100644 (file)
@@ -7,7 +7,6 @@ SSLCipherSuite <%= node[:ssl][:ciphers] -%>
 
 SSLCertificateFile /etc/ssl/certs/<%= @certificate %>.pem
 SSLCertificateKeyFile /etc/ssl/private/<%= @certificate %>.key
-SSLCertificateChainFile /etc/ssl/certs/<%= @certificate_chain %>.pem
 
 SSLUseStapling On
 SSLStaplingResponderTimeout 5
index 7250ce893c72039cc4b74d3331bc10d83813d5b3..13ba3dafd72cc73d2553bf4db136c521f00268ae 100644 (file)
@@ -7,8 +7,7 @@ default_attributes(
   },
   :apache => {
     :ssl => {
-      :certificate => "osmfoundation",
-      :certificate_chain => "startcom"
+      :certificate => "osmfoundation"
     }
   },
   :dhcpd => {