From patchwork Thu Oct 12 04:45:19 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 1468 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) by web02.ipfire.org (Postfix) with ESMTP id 259A860C05 for ; Wed, 11 Oct 2017 19:45:30 +0200 (CEST) Received: from mail01.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 7E9142A1E; Wed, 11 Oct 2017 19:45:29 +0200 (CEST) Received: from mx.link38.eu (mx.link38.eu [IPv6:2a03:4000:17:39a::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx.link38.eu", Issuer "Let's Encrypt Authority X3" (not verified)) by mail01.ipfire.org (Postfix) with ESMTPS id ADB2D2A1E for ; Wed, 11 Oct 2017 19:45:26 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mx.link38.eu (Postfix) with ESMTP id 81DEE41541 for ; Wed, 11 Oct 2017 19:45:25 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at mx.link38.eu Received: from mx-fra.brokers.link38.eu (mx-fra.brokers.link38.eu [10.141.75.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx.link38.eu (Postfix) with ESMTPS for ; Wed, 11 Oct 2017 19:45:19 +0200 (CEST) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx-fra.brokers.link38.eu (Postfix) with ESMTPSA id D735D9F38A for ; Wed, 11 Oct 2017 19:45:19 +0200 (CEST) Date: Wed, 11 Oct 2017 19:45:19 +0200 From: Peter =?utf-8?q?M=C3=BCller?= To: "development@lists.ipfire.org" Subject: [PATCH 2/3] enable dual-stack ECDSA and RSA certificates in Apache Message-ID: <20171011194519.5d7e33e7.peter.mueller@link38.eu> Organization: Link38 MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Note: Apache crashes if any of these files does not exist. Thereof it is necessary to generate missing keys on existing installations. Signed-off-by: Peter Müller --- config/httpd/vhosts.d/ipfire-interface-ssl.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf index 995c28e52..c9ccd5be5 100644 --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf @@ -13,6 +13,8 @@ SSLHonorCipherOrder on SSLCertificateFile /etc/httpd/server.crt SSLCertificateKeyFile /etc/httpd/server.key + SSLCertificateFile /etc/httpd/server-ecdsa.crt + SSLCertificateKeyFile /etc/httpd/server-ecdsa.key Options ExecCGI