Named server certs, as suggested by @huzvar

This commit is contained in:
Brian Lycett 2022-03-09 15:37:31 +00:00
parent 9bbe0db8d5
commit 58432af0f3

View File

@ -47,15 +47,15 @@ else
########################
#If there aren't any SSL certs then create a CA and then CA-signed certificate
if [ ! -f "${ssl_dir}/server.key" ] && [ ! -f "${ssl_dir}/server.crt" ]; then
if [ ! -f "${ssl_dir}/{$SERVER_CERT_FILENAME:-server.crt}" ] && [ ! -f "${ssl_dir}/{$SERVER_KEY_FILENAME:-server.key}" ]; then
mkdir -p $ssl_dir
confout="${ssl_dir}/conf"
keyout="${ssl_dir}/server.key"
certout="${ssl_dir}/server.crt"
cakey="${ssl_dir}/ca.key"
cacert="${ssl_dir}/ca.crt"
serialfile="${ssl_dir}/serial"
cakey="${ssl_dir}/.ca.key"
cacert="${ssl_dir}/.ca.crt"
serialfile="${ssl_dir}/.serial"
echo "Generating CA key"
openssl genrsa -out $cakey 2048
@ -113,7 +113,7 @@ EoCertConf
########################
#Create Apache config
if [ -f "${ssl_dir}/chain.pem" ]; then ssl_chain="SSLCertificateChainFile ${ssl_dir}/chain.pem"; fi
if [ -f "${ssl_dir}/{$CA_CERT_FILENAME}" ]; then ssl_chain="SSLCertificateChainFile ${ssl_dir}/{$CA_CERT_FILENAME}"; fi
echo > /etc/apache2/sites-enabled/lum.conf
echo > /etc/apache2/ports.conf
@ -152,8 +152,8 @@ EoHTTPrd
</Directory>
SSLEngine On
SSLCertificateFile /opt/ssl/server.crt
SSLCertificateKeyFile /opt/ssl/server.key
SSLCertificateFile ${ssl_dir}/{$SERVER_CERT_FILENAME:-server.crt}
SSLCertificateKeyFile ${ssl_dir}/{$SERVER_KEY_FILENAME:-server.key}
$ssl_chain
</VirtualHost>