[2/3] add ECDSA certificate and key files to Apache configuration

Message ID 20170904202248.6b2b914f.peter.mueller@link38.eu
State New
Headers show
Series
  • [1/3] add ECDSA key generation to httpscert
Related show

Commit Message

Peter Müller Sept. 4, 2017, 6:22 p.m.
Make Apache use the ECDSA certificate and key, too.

Depends on PATCH 1/3 and on PATCH 3/3 in case of existing installations.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
---

Patch

diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
index 6f353962e..1af6b5ff1 100644
--- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
+++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
@@ -9,10 +9,12 @@ 
     TransferLog /var/log/httpd/access_log
     SSLEngine on
     SSLProtocol all -SSLv2 -SSLv3
     SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA
     SSLHonorCipherOrder on
     SSLCertificateFile /etc/httpd/server.crt
     SSLCertificateKeyFile /etc/httpd/server.key
+    SSLCertificateFile /etc/httpd/server-ecdsa.crt
+    SSLCertiticateKeyFile /etc/httpd/server-ecdsa.key
 
     <Directory /srv/web/ipfire/html>
         Options ExecCGI