From 51e4af31d32dc1bef4ec10dd696c347687b6711c Mon Sep 17 00:00:00 2001 From: Scott Koranda Date: Mon, 1 May 2017 10:03:14 -0500 Subject: [PATCH] better HTTPS configuration --- comanage-registry-basic-auth/000-comanage.conf | 1 - comanage-registry-basic-auth/README.md | 5 ++--- comanage-registry-mod-auth-openidc/000-comanage.conf | 1 - comanage-registry-mod-auth-openidc/README.md | 5 ++--- comanage-registry-shibboleth-sp/000-comanage.conf | 1 - comanage-registry-shibboleth-sp/README.md | 5 ++--- comanage-registry/000-comanage.conf | 1 - comanage-registry/README.md | 5 ++--- 8 files changed, 8 insertions(+), 16 deletions(-) diff --git a/comanage-registry-basic-auth/000-comanage.conf b/comanage-registry-basic-auth/000-comanage.conf index 8a1c8c6..84134b1 100644 --- a/comanage-registry-basic-auth/000-comanage.conf +++ b/comanage-registry-basic-auth/000-comanage.conf @@ -43,7 +43,6 @@ SSLCertificateFile /etc/apache2/cert.pem SSLCertificateKeyFile /etc/apache2/privkey.pem - SSLCertificateChainFile /etc/apache2/chain.pem Options Indexes FollowSymLinks diff --git a/comanage-registry-basic-auth/README.md b/comanage-registry-basic-auth/README.md index 3e021d6..1f629b6 100644 --- a/comanage-registry-basic-auth/README.md +++ b/comanage-registry-basic-auth/README.md @@ -149,11 +149,10 @@ stderr of the container. ### HTTPS Configuration -Mount or COPY in an X.509 certificate file, associated private key file, -and certificate signing chain file. +Mount or COPY in an X.509 certificate file (containing the CA signing certificate(s), if any) +and associated private key file. ``` COPY cert.pem /etc/apache2/cert.pem COPY privkey.pem /etc/apache2/privkey.pem -COPY chain.pem /etc/apache2/chain.pem ``` diff --git a/comanage-registry-mod-auth-openidc/000-comanage.conf b/comanage-registry-mod-auth-openidc/000-comanage.conf index b55ceba..8d0c8e7 100644 --- a/comanage-registry-mod-auth-openidc/000-comanage.conf +++ b/comanage-registry-mod-auth-openidc/000-comanage.conf @@ -43,7 +43,6 @@ SSLCertificateFile /etc/apache2/cert.pem SSLCertificateKeyFile /etc/apache2/privkey.pem - SSLCertificateChainFile /etc/apache2/chain.pem IncludeOptional /etc/apache2/conf-enabled/mod-auth-openidc.conf diff --git a/comanage-registry-mod-auth-openidc/README.md b/comanage-registry-mod-auth-openidc/README.md index 453ea85..1e5d9eb 100644 --- a/comanage-registry-mod-auth-openidc/README.md +++ b/comanage-registry-mod-auth-openidc/README.md @@ -165,11 +165,10 @@ stderr of the container. ### HTTPS Configuration -Mount or COPY in an X.509 certificate file, associated private key file, -and certificate signing chain file. +Mount or COPY in an X.509 certificate file (containing the CA signing certificate(s), if any) +and associated private key file. ``` COPY cert.pem /etc/apache2/cert.pem COPY privkey.pem /etc/apache2/privkey.pem -COPY chain.pem /etc/apache2/chain.pem ``` diff --git a/comanage-registry-shibboleth-sp/000-comanage.conf b/comanage-registry-shibboleth-sp/000-comanage.conf index a5aafae..c389abc 100644 --- a/comanage-registry-shibboleth-sp/000-comanage.conf +++ b/comanage-registry-shibboleth-sp/000-comanage.conf @@ -43,7 +43,6 @@ SSLCertificateFile /etc/apache2/cert.pem SSLCertificateKeyFile /etc/apache2/privkey.pem - SSLCertificateChainFile /etc/apache2/chain.pem Options Indexes FollowSymLinks diff --git a/comanage-registry-shibboleth-sp/README.md b/comanage-registry-shibboleth-sp/README.md index ec8b065..3bed47e 100644 --- a/comanage-registry-shibboleth-sp/README.md +++ b/comanage-registry-shibboleth-sp/README.md @@ -158,11 +158,10 @@ by setting the `logger` configuration option in `shibboleth2.xml`. ### HTTPS Configuration -Mount or COPY in an X.509 certificate file, associated private key file, -and certificate signing chain file. +Mount or COPY in an X.509 certificate file (containing the CA signing certificate(s), if any) +and associated private key file. ``` COPY cert.pem /etc/apache2/cert.pem COPY privkey.pem /etc/apache2/privkey.pem -COPY chain.pem /etc/apache2/chain.pem ``` diff --git a/comanage-registry/000-comanage.conf b/comanage-registry/000-comanage.conf index d78e7be..7cbc989 100644 --- a/comanage-registry/000-comanage.conf +++ b/comanage-registry/000-comanage.conf @@ -43,7 +43,6 @@ SSLCertificateFile /etc/apache2/cert.pem SSLCertificateKeyFile /etc/apache2/privkey.pem - SSLCertificateChainFile /etc/apache2/chain.pem Options Indexes FollowSymLinks diff --git a/comanage-registry/README.md b/comanage-registry/README.md index 9823d6a..0311524 100644 --- a/comanage-registry/README.md +++ b/comanage-registry/README.md @@ -137,11 +137,10 @@ stderr of the container. ### HTTPS Configuration -Mount or COPY in an X.509 certificate file, associated private key file, -and certificate signing chain file. +Mount or COPY in an X.509 certificate file (containing the CA signing certificate(s), if any) +and associated private key file. ``` COPY cert.pem /etc/apache2/cert.pem COPY privkey.pem /etc/apache2/privkey.pem -COPY chain.pem /etc/apache2/chain.pem ```