Revision 25cb897a
Added by Ivan Necas over 8 years ago
| manifests/reverse_proxy.pp | ||
|---|---|---|
|
ssl_proxyengine => true,
|
||
|
ssl_cert => $certs::apache::apache_cert,
|
||
|
ssl_key => $certs::apache::apache_key,
|
||
|
ssl_ca => $certs::katello_server_ca_cert,
|
||
|
ssl_ca => $certs::ca_cert,
|
||
|
ssl_verify_client => 'optional',
|
||
|
ssl_verify_depth => 10,
|
||
|
request_headers => ['set X_RHSM_SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"'],
|
||
| ... | ... | |
|
},
|
||
|
],
|
||
|
custom_fragment => "
|
||
|
SSLProxyCACertificateFile ${::certs::katello_server_ca_cert}
|
||
|
SSLProxyCACertificateFile ${::certs::ca_cert}
|
||
|
SSLProxyMachineCertificateFile ${certs::foreman_proxy::foreman_proxy_ssl_client_bundle}
|
||
|
",
|
||
|
}
|
||
Also available in: Unified diff
Fixes #11660 - use default CA for client certificates verification
The katello_server_ca_cert is not meant to verify client certificates (although
it seems to work with all-in-one certificates).