freeipa/ipaserver/install
Stanislav Laznicka 7cbd9bd429 Encrypt httpd key stored on disk
This commit adds configuration for HTTPD to encrypt/decrypt its
key which we currently store in clear on the disc.

A password-reading script is added for mod_ssl. This script is
extensible for the future use of directory server with the
expectation that key encryption/decription will be handled
similarly by its configuration.

https://pagure.io/freeipa/issue/7421

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-03-23 12:48:46 +01:00
..
plugins mod_ssl migration: fix upload_cacrt.py plugin 2018-02-21 07:57:40 +01:00
server Update template directory with new variables when upgrading ipa.conf.template 2018-03-21 22:22:35 +01:00
__init__.py Remove __all__ specifications in ipaclient and ipaserver.install 2013-09-06 15:42:33 +02:00
adtrust.py Correct typo estabilish->establish in the install scripts 2017-07-24 13:41:16 +02:00
adtrustinstance.py Replace hard-coded paths with path constants 2018-02-08 09:32:12 +01:00
bindinstance.py Add mocked test for named crypto policy update 2018-02-20 17:01:52 +01:00
ca.py Add a helpful comment to ca.py:install_check() 2018-01-16 14:15:58 +01:00
cainstance.py Dogtag configs: rename deprecated options 2018-03-22 16:17:29 +01:00
certs.py Remove unused modutils wrappers from NSS/CertDB 2018-02-23 11:04:10 +01:00
conncheck.py install: introduce installer class hierarchy 2016-11-11 12:17:25 +01:00
custodiainstance.py service: rename import_ca_certs_* to export_* 2018-02-21 07:57:40 +01:00
dns.py Warning the user when using a loopback IP as forwarder 2017-11-09 09:24:03 -02:00
dnskeysyncinstance.py More cleanup after uninstall 2018-03-20 10:15:28 +01:00
dogtag.py install: introduce installer class hierarchy 2016-11-11 12:17:25 +01:00
dogtaginstance.py Keep owner when backing up CA.cfg 2018-03-19 15:46:56 +01:00
dsinstance.py certmonger: Use explicit storage format 2018-02-23 11:04:10 +01:00
httpinstance.py Encrypt httpd key stored on disk 2018-03-23 12:48:46 +01:00
installutils.py More cleanup after uninstall 2018-03-20 10:15:28 +01:00
ipa_backup.py Backup HTTPD's mod_ssl config and cert-key pair 2018-03-13 10:52:41 +01:00
ipa_cacert_manage.py Update IPA CA issuer DN upon renewal 2018-02-08 13:53:30 +01:00
ipa_kra_install.py Have all the scripts run in python 3 by default 2018-02-15 18:43:12 +01:00
ipa_ldap_updater.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
ipa_otptoken_import.py OTP import: support hash names with HMAC- prefix 2017-09-18 11:37:31 +02:00
ipa_pkinit_manage.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
ipa_replica_install.py install: re-introduce option groups 2017-03-13 10:12:40 +01:00
ipa_replica_prepare.py replica_prepare: Remove the correct NSS DB files 2018-01-16 16:36:10 +01:00
ipa_restore.py ipa-restore: remove /etc/httpd/conf.d/nss.conf 2018-03-14 12:25:04 +01:00
ipa_server_certinstall.py Encrypt httpd key stored on disk 2018-03-23 12:48:46 +01:00
ipa_server_install.py install: re-introduce option groups 2017-03-13 10:12:40 +01:00
ipa_server_upgrade.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
ipa_winsync_migrate.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
kra.py Restart named-pkcs11 after KRA installation 2018-02-08 16:58:13 +01:00
krainstance.py Dogtag configs: rename deprecated options 2018-03-22 16:17:29 +01:00
krbinstance.py ipa-server-install: handle error when calling kdb5_util create 2018-03-13 10:09:13 +01:00
ldapupdate.py Instrument installer to profile steps 2018-03-16 07:33:58 +01:00
ntpinstance.py logging: do not log into the root logger 2017-07-14 15:55:59 +02:00
odsexporterinstance.py logging: do not log into the root logger 2017-07-14 15:55:59 +02:00
opendnssecinstance.py Use os.path.isfile() and isdir() 2017-10-20 12:27:19 +02:00
otpdinstance.py Enable pylint missing-final-newline check 2015-12-23 07:59:22 +01:00
replication.py Unified ldap_initialize() function 2018-02-15 18:32:17 +01:00
schemaupdate.py logging: do not use ipa_log_manager to create module-level loggers 2017-07-14 15:55:59 +02:00
service.py Instrument installer to profile steps 2018-03-16 07:33:58 +01:00
sysupgrade.py logging: do not log into the root logger 2017-07-14 15:55:59 +02:00
upgradeinstance.py logging: do not log into the root logger 2017-07-14 15:55:59 +02:00