Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/106640
Change subject: Add SSLCACertificatePath for rt & magnesium
......................................................................
Add SSLCACertificatePath for rt & magnesium
SSL certificate verification doesn't work right without them, and
rt-mailgate especially breaks.
Change-Id: I454ce18dcfcbdc00fec615c638b359ef9c82b637
---
M templates/apache/sites/racktables.wikimedia.org.erb
M templates/rt/rt4.apache.erb
2 files changed, 2 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/40/106640/1
diff --git a/templates/apache/sites/racktables.wikimedia.org.erb
b/templates/apache/sites/racktables.wikimedia.org.erb
index c52c38e..3ce2540 100644
--- a/templates/apache/sites/racktables.wikimedia.org.erb
+++ b/templates/apache/sites/racktables.wikimedia.org.erb
@@ -23,6 +23,7 @@
SSLHonorCipherOrder on
SSLCertificateFile <%= racktables_ssl_cert %>
SSLCertificateKeyFile <%= racktables_ssl_key %>
+ SSLCACertificatePath /etc/ssl/certs
DocumentRoot /srv/org/wikimedia/racktables/wwwroot
<Directory />
diff --git a/templates/rt/rt4.apache.erb b/templates/rt/rt4.apache.erb
index fea4439..f3e78d8 100644
--- a/templates/rt/rt4.apache.erb
+++ b/templates/rt/rt4.apache.erb
@@ -19,6 +19,7 @@
SSLHonorCipherOrder on
SSLCertificateFile /etc/ssl/certs/rt.wikimedia.org.pem
SSLCertificateKeyFile /etc/ssl/private/rt.wikimedia.org.key
+ SSLCACertificatePath /etc/ssl/certs
AddDefaultCharset UTF-8
--
To view, visit https://gerrit.wikimedia.org/r/106640
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I454ce18dcfcbdc00fec615c638b359ef9c82b637
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
