diff options
author | Stephane Lapie <stephane.lapie@asahinet.com> | 2014-01-20 16:03:33 +0900 |
---|---|---|
committer | Stephane Lapie <stephane.lapie@asahinet.com> | 2014-01-20 16:14:59 +0900 |
commit | 9a33bc918c1078402479101249b770ebc7e64d6b (patch) | |
tree | 27ea512d8ddff5450bb700c64ebbcccfe0006d40 /config/apache_mod_security-dev/apache_mod_security.inc | |
parent | 9c277bf31b361546080ba3e66b977cf6465e7938 (diff) | |
download | pfsense-packages-9a33bc918c1078402479101249b770ebc7e64d6b.tar.gz pfsense-packages-9a33bc918c1078402479101249b770ebc7e64d6b.tar.bz2 pfsense-packages-9a33bc918c1078402479101249b770ebc7e64d6b.zip |
Separate CAs for client certs and server cert chain
- Modified the VirtualHost screen to make more clear the difference between "server certificate chain" and "client certification authority"
- Modified configuration generation accordingly with proper options (SSLCertificateChainFile for server cert chain, SSLCACertificateFile for client certificates) according to Apache documentation
Diffstat (limited to 'config/apache_mod_security-dev/apache_mod_security.inc')
-rw-r--r-- | config/apache_mod_security-dev/apache_mod_security.inc | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index 31be95cf..2728e2e9 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -569,9 +569,14 @@ EOF; $vh_config.= " SSLCertificateKeyFile ". APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert"]}.key\n"; } } - $svr_ca =lookup_ca($virtualhost["reverse_int_ca"]); + $svr_ca =lookup_ca($virtualhost["ssl_cert_chain"]); if ($svr_ca != false) { - file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt",apache_textarea_decode($svr_ca['crt']),LOCK_EX); + file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert_chain"]}.crt",apache_textarea_decode($svr_ca['crt']),LOCK_EX); + $vh_config.= " SSLCertificateChainFile ". APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert_chain"]}.crt\n"; + } + $cli_ca =lookup_ca($virtualhost["reverse_int_ca"]); + if ($cli_ca != false) { + file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt",apache_textarea_decode($cli_ca['crt']),LOCK_EX); $vh_config.= " SSLCACertificateFile ". APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt\n"; } } |