
include chain and privkey files for tls_config
Closed, Public

Authored by dhoffend on Nov 28 2016, 12:06 AM.

Details

Reviewers
None
Group Reviewers
Restricted Project
Commits
rGe3a5c9080906: include chain and privkey files for tls_config
Summary

Include more tls options in the example configuration. If you want to
correctly configure your ssl certificate including the intermediate servers,
it's important to configure the cacertfile; otherwise the chain is omitted in
the ssl response (tested with openssl s_client).

The documentation should be updated as well.

Diff Detail

Repository
rG guam
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline


IMO the kolab-docs documentation should be updated as well, like the pykolab/setup-kolab template.

Note that you can put all of these in a single .pem file as well, haproxy-style. But it is nice to show these options as well. Will merge... Thanks! :)

Closed by commit rGe3a5c9080906: include chain and privkey files for tls_config (authored by dhoffend, committed by Aaron Seigo <seigo@kolabsystems.com>). Nov 30 2016, 10:18 AM
This revision was automatically updated to reflect the committed changes.
In D314#4064, @seigo wrote:

Note that you can put all of these in a single .pem file as well, haproxy-style. But it is nice to show these options as well. Will merge... Thanks! :)

I've tried it and it didn't work. While the certificate and the key got loaded and served correctly, the included certificate chain wasn't provided when I tested the guam connection with openssl s_client -connect ...

That's why I was searching for the correct attributes.

Another reason for this was the use of the LetsEncrypt certbot client. The client automatically generates separate files for cert + chain + key and not a combined file for all 3. So I thought it would be good to provide the user with documentation on all 3 required attributes. This makes a future lets-encrypt doc easier to start with ... maybe when I find some time.
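
A check for the symptom discussed in this thread, as an added example that is not part of the original revision or of guam: it parses the "Certificate chain" section printed by openssl s_client and reports when the server sent only the leaf certificate. The sample outputs, host name and CA names are constructed.

```python
import re

# Constructed samples of the chain section printed by `openssl s_client`.
LEAF_ONLY = """\
Certificate chain
 0 s:/CN=imap.example.org
   i:/C=US/O=Example CA/CN=Example Intermediate X1
---
Server certificate
"""
WITH_CHAIN = """\
Certificate chain
 0 s:/CN=imap.example.org
   i:/C=US/O=Example CA/CN=Example Intermediate X1
 1 s:/C=US/O=Example CA/CN=Example Intermediate X1
   i:/O=Example Root/CN=Example Root CA
---
Server certificate
"""

_SUBJECT = re.compile(r"^\s*\d+\s+s:(.*)$")  # e.g. " 0 s:/CN=..."
_ISSUER = re.compile(r"^\s+i:(.*)$")         # e.g. "   i:/C=US/..."

def parse_chain(output):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, in_section, subject = [], False, None
    for line in output.splitlines():
        if line.strip() == "Certificate chain":
            in_section = True
        elif line.strip() == "Server certificate":
            break  # end of the chain listing
        elif in_section:
            s, i = _SUBJECT.match(line), _ISSUER.match(line)
            if s:
                subject = s.group(1).strip()
            elif i and subject is not None:
                chain.append((subject, i.group(1).strip()))
                subject = None
    return chain

def chain_problems(output):
    """List what is wrong with the chain the server presented (empty if fine)."""
    chain = parse_chain(output)
    if not chain:
        return ["no certificate chain found in output"]
    # Each certificate must be issued by the one that follows it.
    problems = [f"cert {n + 1} is not the issuer of cert {n}"
                for n, (a, b) in enumerate(zip(chain, chain[1:])) if a[1] != b[0]]
    if len(chain) == 1 and chain[0][0] != chain[0][1]:  # not self-signed
        problems.append("only the leaf certificate was sent; chain is missing")
    return problems
```

Feed it the captured output of an s_client run against the listener; the root certificate is normally not sent, so the last issuer in the list is not checked.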