Details
-
Improvement
-
Resolution: Fixed
-
Minor
-
None
-
None
-
None
Description
mikeporter Yesterday at 3:50 PM
Using the default settings for SSL environment variables and not overlaying ssl-enabled.conf, I am gettting httpd;console;;;SSLCertificateChainFile: file ‘/etc/pki/tls/certs/cachain.pem’ does not exist or is empty
3 replies
Chris Hyzer 18 hours ago
you either need to put a cert there, or pass -e GROUPER_USE_SSL=false, or pass GROUPER_SELF_SIGNED_CERT=true. Dont want the default to be un-secure. can you just pass GROUPER_USE_SSL=false?
mikeporter 6 hours ago
Chris, I am passing a cert using a secret located at /run/secrets/server.pem. This causes the symlink host-key.pem -> /run/secrets/host-key.pem in /etc/pki/tls/private to appear, as documented and which works fine. But, I don’t appear to need /etc/pki/tls/certs/cachain.pem nor do I see a way to associate it with a /run/secrets file.
Chris Hyzer < 1 minute ago
so what you are saying is, if there is no file named /etc/pki/tls/certs/cachain.pem, then the container should remove this line:
SSLCertificateChainFile /etc/pki/tls/certs/cachain.pem
From /etc/httpd/conf.d/ssl-enabled.conf?