diff options
| author |   Tal Gitelman <tg851x@intl.att.com> | 2017-08-31 15:51:10 +0300 |
|---|---|---|
| committer | Tal Gitelman <tg851x@intl.att.com> | 2017-08-31 15:51:10 +0300 |
| commit | 6d7a7c1b6e82c92e37eb0b23b892418b82af026f (patch) | |
| tree | a4e717e20776a7788eb0c51e3caec435c68d6e2d /sdc-os-chef/sdc-frontend | |
| parent | 43f36d99f1ad4d0a84a6a03fe3861cdadd952790 (diff) | |
Jetty default ssl certificate fix
Recipes alignment for ssl.ini new keystore
Change-Id: Ibe5a04712b5fb7c3c7e0adfa0bcb23d260b77479
Issue-ID:SDC-264
Signed-off-by: Tal Gitelman <tg851x@intl.att.com>
Diffstat (limited to 'sdc-os-chef/sdc-frontend')
| -rw-r--r-- | sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb | 6 | ||||
| -rw-r--r-- | sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb (renamed from sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-ssl-ini.erb) | 9 |
2 files changed, 11 insertions, 4 deletions
diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb index 2800fd1808..fc9dd86f40 100644 --- a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb +++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb @@ -34,12 +34,12 @@ template "FE-https-ini" do end -template "FE-ssl-ini" do +template "ssl-ini" do path "/#{jetty_base}/start.d/ssl.ini" - source "FE-ssl-ini.erb" + source "ssl-ini.erb" owner "jetty" group "jetty" mode "0755" - variables :FE_https_port => "#{node['FE'][:https_port]}" + variables :https_port => "#{node['FE'][:https_port]}" end diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-ssl-ini.erb b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb index 426e0e44b5..effbfa7918 100644 --- a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-ssl-ini.erb +++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb @@ -8,7 +8,7 @@ # jetty.ssl.host=0.0.0.0 ## Connector port to listen on -jetty.ssl.port=<%= @FE_https_port %> +jetty.ssl.port=<%= @https_port %> ## Connector idle timeout in milliseconds # jetty.ssl.idleTimeout=30000 @@ -49,6 +49,7 @@ jetty.ssl.port=<%= @FE_https_port %> ## Keystore password # jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 +jetty.sslContext.keyStorePassword=OBF:1cp61iuj194s194u194w194y1is31cok ## Keystore type and provider # jetty.sslContext.keyStoreType=JKS @@ -56,9 +57,11 @@ jetty.ssl.port=<%= @FE_https_port %> ## KeyManager password # jetty.sslContext.keyManagerPassword=OBF:1u2u1wml1z7s1z7a1wnl1u2g +jetty.sslContext.keyManagerPassword=OBF:1cp61iuj194s194u194w194y1is31cok ## Truststore password # jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 +jetty.sslContext.trustStorePassword=OBF:1cp61iuj194s194u194w194y1is31cok ## Truststore type and provider # jetty.sslContext.trustStoreType=JKS @@ -81,3 +84,7 @@ jetty.ssl.port=<%= @FE_https_port %> ## Set the timeout (in seconds) of the SslSession cache timeout # jetty.sslContext.sslSessionTimeout=-1 + +## Allow SSL renegotiation +# jetty.sslContext.renegotiationAllowed=true +# jetty.sslContext.renegotiationLimit=5 |