From e304e91a781f79c1e12bb2a7f806a0015bf039e3 Mon Sep 17 00:00:00 2001
From: John Estabrook
Date: Wed, 14 Aug 2019 12:04:49 -0500
Subject: [service https] T1443: add self-signed TLS certificate
---
 src/conf_mode/https.py | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'src/conf_mode/https.py')
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index 2495cf7e7..289eacf69 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -46,11 +46,16 @@ server {
 # listen 443 ssl default_server; listen [::]:443 ssl default_server;
+
+{% if vyos_cert %}
+ include {{ vyos_cert.conf }};
+{% else %}
 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # include snippets/snakeoil.conf;
+{% endif %}
 {% for l_addr in listen_address %} server_name {{ l_addr }};
@@ -88,6 +93,10 @@ def get_config():
 addrs = conf.return_values('listen-address')
 https['listen_address'] = addrs[:]
+ if conf.exists('certificates'):
+ if conf.exists('certificates system-generated-certificate'):
+ https['vyos_cert'] = vyos.defaults.vyos_cert_data
+
 if conf.exists('api'): https['api'] = vyos.defaults.api_data
--
cgit v1.2.3
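Review bot: In the first hunk, `include {{ vyos_cert.conf }};` is rendered whenever `vyos_cert` is set, but nothing visible in this patch checks that the snippet, or the certificate and key it refers to, exists before nginx picks up the new configuration. The commit touches only this file, so the generation step presumably lives elsewhere; if the file is missing, the nginx configuration test fails and the HTTPS service (and the API behind it) would likely not come back. A guard in the script's validation step, for example `if not os.path.exists(https['vyos_cert']['conf']): raise ConfigError('system-generated certificate not found')`, would fail the commit with a clear message (assuming `os` and `ConfigError` are available in this file). The `server` block continues outside the hunk.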
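Review bot: In the second hunk, the outer `if conf.exists('certificates'):` adds nothing, because `conf.exists('certificates system-generated-certificate')` should only be true when the parent node exists. Either collapse it to the single inner test, or, if the outer test is a placeholder for further certificate sources, say so with a comment such as `# other certificate sources will be handled under this node`. As written, a `certificates` node without `system-generated-certificate` silently leaves `vyos_cert` unset, so the template falls back to the snakeoil include. A comment like `# no certificate selected: template falls back to snakeoil.conf` would make that default explicit. `get_config()` starts and ends outside the hunk.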