630d09f6c4
Generate the certificate to be used for koji in make-certs.sh by the same CA that also generates the composer and client certs. Create a single certificate that uses the SubjectAltName (SAN) extension to cover two domains: localhost, org.osbuild.koji.koji, which previously was done via two separate certificates; this is the legacy usage which stopped working with go 1.15 (see previous commit). As a consequence the apache config is modified to use only one virtual host with a ServerAlias directive.
15 lines
329 B
Text
15 lines
329 B
Text
[kojid]
|
|
server=http://org.osbuild.koji.koji/kojihub
|
|
topurl=http://org.osbuild.koji.koji/kojifiles
|
|
|
|
workdir=/tmp/koji
|
|
topdir=/mnt/koji
|
|
|
|
host_principal_format = compile/%s@LOCAL
|
|
keytab = /share/kojid.keytab
|
|
|
|
; cert = /share/ssl/kojid/client.pem
|
|
; ca = /share/ssl/kojid/serverca.crt
|
|
serverca = /share/koji-ca.pem
|
|
|
|
plugins = osbuild
|