This morning, my primary mail server running ClearOS 7 did a normal round up automatic updates. Problem is, Webconfig-php was updated and the re-initialization re-wrote the /etc/httpd/conf.d/flex-443.conf file.
We are using real, registered server certificates, not the self-signed certificates that the system creates. Rewriting the flex-443.conf back to default broke our configuration, making it impossible for our users to login to Zarafa, and retrieve their email.
If searched and asked before, with absolutely no response, if there is a method to use our certificates within the framework of ClearOS autoconfig scripts. If there is a way, I'd like to know,
We are using real, registered server certificates, not the self-signed certificates that the system creates. Rewriting the flex-443.conf back to default broke our configuration, making it impossible for our users to login to Zarafa, and retrieve their email.
If searched and asked before, with absolutely no response, if there is a method to use our certificates within the framework of ClearOS autoconfig scripts. If there is a way, I'd like to know,
Share this post:
Responses (3)
-
Accepted Answer
Peter - That doesn't work. The certificate configuration does not propagate correctly to all need .conf files. It only works with a self-signed certificate created on the system. I beat my head against the wall for weeks, and went through dozens of questions and responses on forums, and no one had a configuration working correctly in that way.
I'll set the immutable bit as Nick suggested for now. I don't know why I didn't think of that, and At least that'll stop the 2 AM phone calls. -
Accepted Answer
-
Accepted Answer
If you have modified /etc/httpd/conf.d/flex-443.conf you need to set the immutable bit (chattr +i /etc/httpd/conf.d/flex-443.conf) to stop the system overwriting it during updates or during changes through the webconfig.
I don't use flexshares. My web bits are in /var/www/html and I can edit /etc/httpd/conf.d/ssl.conf to point to my certificates. I don't know what facilities the certificate manager gives you.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »