Allow ca chain for multiple hosts

commit: f27354a677277da720baa2762a5c5dd567100691 [log] [tgz]
author: Filip Pytloun <filip@pytloun.cz> Mon Feb 22 13:23:39 2016 +0100
committer: Filip Pytloun <filip@pytloun.cz> Mon Feb 22 13:23:39 2016 +0100
tree: c9a6c9111eb5dda6197e1dea7d16af8b31381a87
parent: 91476cf9d83a1cb6ca3386ff59a668f2cc2cf0c2 [diff]
diff --git a/apache/files/_ssl.conf b/apache/files/_ssl.conf
index ea7a6c4..d6d8394 100644
--- a/apache/files/_ssl.conf
+++ b/apache/files/_ssl.conf

@@ -4,7 +4,7 @@
   SSLEngine on
   SSLCertificateFile /etc/ssl/certs/{{ site.host.name }}.crt
   SSLCertificateKeyFile /etc/ssl/private/{{ site.host.name }}.key
-  SSLCertificateChainFile /etc/ssl/certs/ca-chain.crt
+  SSLCertificateChainFile /etc/ssl/certs/{{ site.host.name }}-ca-chain.crt
 
   {%- if site.ssl.get('strict_transport_security', False) %}
   Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

diff --git a/apache/server/site.sls b/apache/server/site.sls
index 84f4d5d..f7ed232 100644
--- a/apache/server/site.sls
+++ b/apache/server/site.sls

@@ -63,7 +63,7 @@
   - require:
     - pkg: apache_packages
 
-/etc/ssl/certs/ca-chain.crt:
+/etc/ssl/certs/{{ site.host.name }}-ca-chain.crt:
   file.managed:
   {%- if site.ssl.chain is defined %}
   - contents_pillar: apache:server:site:{{ site_name }}:ssl:chain
commit	f27354a677277da720baa2762a5c5dd567100691	[log] [tgz]
author	Filip Pytloun <filip@pytloun.cz>	Mon Feb 22 13:23:39 2016 +0100
committer	Filip Pytloun <filip@pytloun.cz>	Mon Feb 22 13:23:39 2016 +0100
tree	c9a6c9111eb5dda6197e1dea7d16af8b31381a87
parent	91476cf9d83a1cb6ca3386ff59a668f2cc2cf0c2 [diff]