diff options
| author | John Estabrook <jestabro@sentrium.io> | 2019-08-14 12:04:49 -0500 |
|---|---|---|
| committer | John Estabrook <jestabro@sentrium.io> | 2019-08-14 12:52:21 -0500 |
| commit | e304e91a781f79c1e12bb2a7f806a0015bf039e3 (patch) | |
| tree | 9954f9f8d20032a26d6ae0d5601693c80fd01771 /src/conf_mode/https.py | |
| parent | ae7501bd0aeef87b708eb033907aab470ea764b7 (diff) | |
| download | vyos-1x-e304e91a781f79c1e12bb2a7f806a0015bf039e3.tar.gz vyos-1x-e304e91a781f79c1e12bb2a7f806a0015bf039e3.zip | |
[service https] T1443: add self-signed TLS certificate
Diffstat (limited to 'src/conf_mode/https.py')
| -rwxr-xr-x | src/conf_mode/https.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index 2495cf7e7..289eacf69 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py @@ -46,11 +46,16 @@ server { # listen 443 ssl default_server; listen [::]:443 ssl default_server; + +{% if vyos_cert %} + include {{ vyos_cert.conf }}; +{% else %} # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # include snippets/snakeoil.conf; +{% endif %} {% for l_addr in listen_address %} server_name {{ l_addr }}; @@ -88,6 +93,10 @@ def get_config(): addrs = conf.return_values('listen-address') https['listen_address'] = addrs[:] + if conf.exists('certificates'): + if conf.exists('certificates system-generated-certificate'): + https['vyos_cert'] = vyos.defaults.vyos_cert_data + if conf.exists('api'): https['api'] = vyos.defaults.api_data |