During an initial install of TF, we sometimes do not have the SSL cert ready yet. So, tf will create self-signed certs which is good. However, it doesn't create a place holder for a chain file.

So there are 2 options we can do to make it easier for customer to import their new certs.
1. We can possibly create an domain.ca.crt file in var/ssl directory that is empty. Also apache would have to be updated to include that chain file. Then a customer can easily be update the .crt, .ca.crt, and .key with their files and restart apache. Would be nice is there was a teamforge reload -s apache.
This will save time on doing a teamforge provision with new paths and bringing down the system

2. Another option, in ADDITON to #1, but ALSO have a TF GUI in which a customer and upload their new certs into the TF gui with a "reload" apache button. Of course this option will also check that the files are correct before reloading and putting the system into an unstable/broken state.

by: Joey S. | over a year ago | Administration