Forums

Jim Shanks
Jim Shanks
Offline
Resolved
0 votes
This morning, my primary mail server running ClearOS 7 did a normal round up automatic updates. Problem is, Webconfig-php was updated and the re-initialization re-wrote the /etc/httpd/conf.d/flex-443.conf file.

We are using real, registered server certificates, not the self-signed certificates that the system creates. Rewriting the flex-443.conf back to default broke our configuration, making it impossible for our users to login to Zarafa, and retrieve their email.

If searched and asked before, with absolutely no response, if there is a method to use our certificates within the framework of ClearOS autoconfig scripts. If there is a way, I'd like to know,
Thursday, September 15 2016, 02:11 PM
Share this post:
Responses (3)
  • Accepted Answer

    Jim Shanks
    Jim Shanks
    Offline
    Thursday, September 15 2016, 09:03 PM - #Permalink
    Resolved
    0 votes
    Peter - That doesn't work. The certificate configuration does not propagate correctly to all need .conf files. It only works with a self-signed certificate created on the system. I beat my head against the wall for weeks, and went through dozens of questions and responses on forums, and no one had a configuration working correctly in that way.

    I'll set the immutable bit as Nick suggested for now. I don't know why I didn't think of that, and At least that'll stop the 2 AM phone calls.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, September 15 2016, 05:59 PM - #Permalink
    Resolved
    0 votes
    Yes, you can now upload 3rd party certificates using the Certificate Manager app. Once uploaded, you can select the certificate via the Flexshare web interface.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, September 15 2016, 05:14 PM - #Permalink
    Resolved
    0 votes
    If you have modified /etc/httpd/conf.d/flex-443.conf you need to set the immutable bit (chattr +i /etc/httpd/conf.d/flex-443.conf) to stop the system overwriting it during updates or during changes through the webconfig.

    I don't use flexshares. My web bits are in /var/www/html and I can edit /etc/httpd/conf.d/ssl.conf to point to my certificates. I don't know what facilities the certificate manager gives you.
    The reply is currently minimized Show
Your Reply