Index: trunk/server/fedora/config/etc/httpd/conf/httpd.conf
===================================================================
--- trunk/server/fedora/config/etc/httpd/conf/httpd.conf (revision 1767)
+++ trunk/server/fedora/config/etc/httpd/conf/httpd.conf (revision 1768)
@@ -326,5 +326,5 @@
SSLCryptoDevice builtin
SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
- SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
+ SSLCertificateKeyFile /etc/pki/tls/private/scripts-1024.key
SSLCACertificateFile /etc/pki/tls/certs/ca.pem
SSLVerifyClient none
Index: trunk/server/fedora/config/etc/httpd/vhosts.d/finance.blue-sun-corp.com.conf
===================================================================
--- trunk/server/fedora/config/etc/httpd/vhosts.d/finance.blue-sun-corp.com.conf (revision 1767)
+++ trunk/server/fedora/config/etc/httpd/vhosts.d/finance.blue-sun-corp.com.conf (revision 1768)
@@ -19,5 +19,5 @@
Include conf.d/vhosts-common-ssl.conf
SSLCertificateFile /etc/pki/tls/certs/blue-sun-corp.com.pem
- SSLCertificateKeyFile /etc/pki/tls/private/scripts-new.key
+ SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
@@ -30,5 +30,5 @@
Include conf.d/vhosts-common-ssl-cert.conf
SSLCertificateFile /etc/pki/tls/certs/blue-sun-corp.com.pem
- SSLCertificateKeyFile /etc/pki/tls/private/scripts-new.key
+ SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
Index: trunk/server/fedora/config/etc/httpd/vhosts.d/music.blue-sun-corp.com.conf
===================================================================
--- trunk/server/fedora/config/etc/httpd/vhosts.d/music.blue-sun-corp.com.conf (revision 1767)
+++ trunk/server/fedora/config/etc/httpd/vhosts.d/music.blue-sun-corp.com.conf (revision 1768)
@@ -19,5 +19,5 @@
Include conf.d/vhosts-common-ssl.conf
SSLCertificateFile /etc/pki/tls/certs/blue-sun-corp.com.pem
- SSLCertificateKeyFile /etc/pki/tls/private/scripts-new.key
+ SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
@@ -30,5 +30,5 @@
Include conf.d/vhosts-common-ssl-cert.conf
SSLCertificateFile /etc/pki/tls/certs/blue-sun-corp.com.pem
- SSLCertificateKeyFile /etc/pki/tls/private/scripts-new.key
+ SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
Index: trunk/server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py
===================================================================
--- trunk/server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py (revision 1767)
+++ trunk/server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py (revision 1768)
@@ -12,4 +12,11 @@
#
# Geoffrey Thomas , 2008, public domain.
+
+# Note: As of 1/2011 we are inserting SSLCertificateKeyFile into reified
+# hosts, because previously-acqured certificates were signed with an
+# older (1024-bit) key. Sometime around 2014 when our last cert with
+# this key expires, we can update /etc/httpd/conf/httpd.conf to point to
+# the current key instead of the old one, and stop inserting this into
+# individual vhost records. -geofft
import ldap
@@ -56,4 +63,5 @@
Include conf.d/vhosts-common-ssl.conf
SSLCertificateFile /etc/pki/tls/certs/%(hname)s.pem
+ SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
@@ -66,4 +74,5 @@
Include conf.d/vhosts-common-ssl-cert.conf
SSLCertificateFile /etc/pki/tls/certs/%(hname)s.pem
+ SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
""" % {
Index: trunk/server/fedora/config/etc/httpd/vhosts.d/trac.blue-sun-corp.com.conf
===================================================================
--- trunk/server/fedora/config/etc/httpd/vhosts.d/trac.blue-sun-corp.com.conf (revision 1767)
+++ trunk/server/fedora/config/etc/httpd/vhosts.d/trac.blue-sun-corp.com.conf (revision 1768)
@@ -19,5 +19,5 @@
Include conf.d/vhosts-common-ssl.conf
SSLCertificateFile /etc/pki/tls/certs/blue-sun-corp.com.pem
- SSLCertificateKeyFile /etc/pki/tls/private/scripts-new.key
+ SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
@@ -30,5 +30,5 @@
Include conf.d/vhosts-common-ssl-cert.conf
SSLCertificateFile /etc/pki/tls/certs/blue-sun-corp.com.pem
- SSLCertificateKeyFile /etc/pki/tls/private/scripts-new.key
+ SSLCertificateKeyFile /etc/pki/tls/private/scripts.key