Missing prompt: Please input path to your SSLCertificateChainFile

Community Forums
1

Hi Jess,

I have suggestion to include prompt:
Please input path to your SSLCertificateChainFile

kaltura-front-13.19.0-1.noarch
kaltura-base-config.sh
kaltura-config-all.sh
kaltura-front-config.sh

We have our internal domain root and we are not using
SSLCACertificateFile

SSLCertificateFile /etc/pki/tls/www.domain.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.domain.key
SSLCertificateChainFile /etc/pki/tls/domain_root.pem
#SSLCACertificateFile /etc/pki/tls/domain_root.pem.pem

kaltura-front-13.19.0-1.noarch

Is your Apache working with SSL?[Y/n]
Please input path to your SSL certificate
Please input path to your SSL key
Please input path to your SSL CA file or leave empty in case you have none:
Which port will this Vhost listen on? [443]

Please input path to your SSL certificate[/etc/ssl/certs/localhost.crt]:
/etc/pki/tls/www.domain.com.crt
Please input path to your SSL key[/etc/pki/tls/private/localhost.key]:
/etc/pki/tls/private/www.domain.com.key
Please input path to your SSL CA file or leave empty in case you have none:

C = CA, O = GC, OU = Device, OU = SSL, CN = www.domain.com
error 20 at 0 depth lookup: unable to get local issuer certificate

Regards,
Dmitri

2

Hi @astrava,

As you know, Apache [and most other prominent web servers, for that matter], has a lot of configuration options, which, depending on the circumstances may or may not be needed.

The prompts in the config scripts could never cover ALL possible scenarios and if we made an attempt to do so, the average bootstrapping time would be increased substantially, thus exhausting most users and rightly so.

Instead, we aim to cover the most common configurations. In most cases, SSLCertificateFile, SSLCertificateKeyFile and SSLCACertificateFile is all you need and so, that’s what we prompt for. That said, you can always modify the .template files here:
/opt/kaltura/app/configurations/apache
prior to running the config scripts. If such alterations are needed, you will have to redo the every time you upgrade the RPM packages, of course.