httpd.git/httpd-ssl-gencerts, branch add_tests Unnamed repository; edit this file 'description' to name the repository. better error handling in httpd-ssl-gencerts (#1494556) 2017-09-22T14:48:42+00:00 Joe Orton jorton@redhat.com 2017-09-22T14:48:42+00:00 962c8003312ff2f026e5855e536b3073062e0f01 Resolves: rhbz#1494556 
Resolves: rhbz#1494556
Handle edge-cases in gencerts 2017-09-22T14:37:53+00:00 Stephen Gallagher sgallagh@redhat.com 2017-09-22T14:29:43+00:00 eec4cf442f96fabda35399b232ef5b5206e9901f Make sure that we exit with success if the files already exist and that we exit with failure and a message if only one or the other is present. 
Make sure that we exit with success if the files already exist and
that we exit with failure and a message if only one or the other
is present.
Require sscg 2.2.0 for creating service and CA certificates together 2017-09-21T18:55:16+00:00 Stephen Gallagher sgallagh@redhat.com 2017-09-21T18:55:16+00:00 d614e8aa11f9520416f7ef10f93a29670efe1505 Signed-off-by: Stephen Gallagher <sgallagh@redhat.com> 
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
use sscg defaults; append CA cert to generated cert 2017-09-21T15:41:20+00:00 Joe Orton jorton@redhat.com 2017-09-21T15:41:20+00:00 6a777617406defe19df7a85b86427f1f3e0c3384 document httpd-init.service in httpd-init.service(8) 
document httpd-init.service in httpd-init.service(8)
Generate SSL keys on service start 2017-09-20T19:00:20+00:00 Stephen Gallagher sgallagh@redhat.com 2017-09-20T18:18:24+00:00 180ad320f452c4c58f6edc75a5749f665bf7459f This defers the creation of self-signed SSL certificates to the first time that httpd starts up. This has several advantages: * Waiting until the first boot will help avoid some issues with limited entropy in the install process. * The certificates can be regenerated automatically whenever they are removed, which helps with tools such as virt-sysprep * The certificates are now generated by SSCG, which produces a limited-trust CA alongside it that can be safely imported by a client. For more information on SSCG, see: https://sgallagh.wordpress.com/2016/05/02/self-signed-ssltls-certificates-why-they-are-terrible-and-a-better-alternative/ Signed-off-by: Stephen Gallagher <sgallagh@redhat.com> 
This defers the creation of self-signed SSL certificates to the
first time that httpd starts up. This has several advantages:

* Waiting until the first boot will help avoid some issues with
  limited entropy in the install process.
* The certificates can be regenerated automatically whenever they
  are removed, which helps with tools such as virt-sysprep
* The certificates are now generated by SSCG, which produces a
  limited-trust CA alongside it that can be safely imported by a
  client.

For more information on SSCG, see:
https://sgallagh.wordpress.com/2016/05/02/self-signed-ssltls-certificates-why-they-are-terrible-and-a-better-alternative/

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>