From 26f44e115174a261a1ff8b42e9748518b7dd9f78 Mon Sep 17 00:00:00 2001
From: Matthieu Saulnier <fantom@fedoraproject.org>
Date: Fri, 14 May 2021 19:56:28 +0200
Subject: Fix path of the local root CA used for network services

---
 roles/dnsserver/tasks/crt.yml            | 2 +-
 roles/mtaserver/tasks/crt.yml            | 4 ++--
 roles/mtaserver/templates/10-ssl.conf.j2 | 2 +-
 roles/proxy/tasks/crt.yml                | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'roles')

diff --git a/roles/dnsserver/tasks/crt.yml b/roles/dnsserver/tasks/crt.yml
index 8adde34..66b003b 100644
--- a/roles/dnsserver/tasks/crt.yml
+++ b/roles/dnsserver/tasks/crt.yml
@@ -81,7 +81,7 @@
 # distant. Basé sur les symlink de rétrocompat.
 # essayer de faire passer en args une variable pour crtversion et pour maindomain
 - name: Mise à jour du fichier fullchain.pem
-  shell: cat /etc/pki/tls/certs/casperlefantom.1.crt /etc/pki/ca-trust/source/anchors/root.pem > /etc/pki/tls/certs/casperlefantom.net.fullchain.crt
+  shell: cat /etc/pki/tls/certs/casperlefantom.1.crt /etc/pki/tls/certs/mon-ca.crt > /etc/pki/tls/certs/casperlefantom.net.fullchain.crt
   args:
     executable: /usr/bin/zsh
   when: crtupdate is changed
diff --git a/roles/mtaserver/tasks/crt.yml b/roles/mtaserver/tasks/crt.yml
index 468bfae..8aec7d5 100644
--- a/roles/mtaserver/tasks/crt.yml
+++ b/roles/mtaserver/tasks/crt.yml
@@ -35,7 +35,7 @@
 # distant.
 # essayer de faire passer en args une variable pour basedomain
 - name: Mise à jour du fichier fullchain.pem
-  shell: cat /etc/pki/tls/certs/casperlefantom.net.postfix.crt /etc/pki/ca-trust/source/anchors/root.pem > /etc/pki/tls/certs/casperlefantom.net.postfix.fullchain.crt
+  shell: cat /etc/pki/tls/certs/casperlefantom.net.postfix.crt /etc/pki/tls/certs/mon-ca.crt > /etc/pki/tls/certs/casperlefantom.net.postfix.fullchain.crt
   args:
     executable: /usr/bin/zsh
   when: mtadomain is defined
@@ -80,7 +80,7 @@
 # distant.
 # essayer de faire passer en args une variable pour basedomain
 - name: Mise à jour du fichier fullchain.pem
-  shell: cat /etc/pki/tls/certs/casperlefantom.net.dovecot.crt /etc/pki/ca-trust/source/anchors/root.pem > /etc/pki/tls/certs/casperlefantom.net.dovecot.fullchain.crt
+  shell: cat /etc/pki/tls/certs/casperlefantom.net.dovecot.crt /etc/pki/tls/certs/mon-ca.crt > /etc/pki/tls/certs/casperlefantom.net.dovecot.fullchain.crt
   args:
     executable: /usr/bin/zsh
   when: mtadomain is defined
diff --git a/roles/mtaserver/templates/10-ssl.conf.j2 b/roles/mtaserver/templates/10-ssl.conf.j2
index 8d81e7f..fedc92b 100644
--- a/roles/mtaserver/templates/10-ssl.conf.j2
+++ b/roles/mtaserver/templates/10-ssl.conf.j2
@@ -24,7 +24,7 @@ ssl_key = </etc/pki/tls/private/{{ mtadomain.0 }}.dovecot.key
 # ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
 # followed by the matching CRL(s). (e.g. ssl_ca = </etc/pki/dovecot/certs/ca.pem)
 #ssl_ca = 
-ssl_ca = /etc/pki/ca-trust/source/anchors/root.pem
+ssl_ca = /etc/pki/tls/certs/mon-ca.crt
 
 # Require that CRL check succeeds for client certificates.
 #ssl_require_crl = yes
diff --git a/roles/proxy/tasks/crt.yml b/roles/proxy/tasks/crt.yml
index 61071d3..03d6767 100644
--- a/roles/proxy/tasks/crt.yml
+++ b/roles/proxy/tasks/crt.yml
@@ -32,7 +32,7 @@
 # distant.
 # essayer de faire passer en args une variable pour basedomain
 - name: Mise à jour du fichier fullchain.pem
-  shell: cat /etc/pki/tls/certs/casperlefantom.net.squid.crt /etc/pki/ca-trust/source/anchors/root.pem > /etc/pki/tls/certs/casperlefantom.net.squid.fullchain.crt
+  shell: cat /etc/pki/tls/certs/casperlefantom.net.squid.crt /etc/pki/tls/certs/mon-ca.crt > /etc/pki/tls/certs/casperlefantom.net.squid.fullchain.crt
   args:
     executable: /usr/bin/zsh
   tags: keys
-- 
cgit