Correct SSL settings.

1 files changed, 12 insertions, 8 deletions

diff --git a/apache/apache-ssl.cf b/apache/apache-ssl.cf
index 78f192e..8d85e05 100755
--- a/apache/apache-ssl.cf
+++ b/apache/apache-ssl.cf
@@ -351,29 +351,33 @@ editfiles:
 			UnsetAbort "^# END CFENGINE$"
 		EndGroup
 		#
-		# #SSLCACertificatePath
-		# SSLCACertificateFile cacert.pem
+		# SSLCACertificatePath /etc/ssl/certs
+		# SSLCACertificateFile /etc/ssl/certs/cacert.pem
 		# SSLCertificateFile apache.pem
 		# SSLCertificateKeyFile apache.pem
 		#
 		ResetSearch "1"
-		CommentLinesMatching "SSLCACertificatePath"
+		HashCommentLinesMatching "SSLCACertificatePath*"
 		CatchAbort
 		BeginGroupIfFileExists "/etc/ssl/certs/cacert.pem"
 			ResetSearch "1"
-			CommentLinesMatching "SSLCACertificateFile"
+			HashCommentLinesMatching "SSLCACertificatePath*"
+			CatchAbort
+			ResetSearch "1"
+			HashCommentLinesMatching "SSLCACertificateFile*"
 			CatchAbort
 			AbortAtLineMatching "^# END CFENGINE$"
 			LocateLineMatching "^# BEGIN CFENGINE$"
-			BeginGroupIfNoSuchLine "SSLCACertificateFile cacert.pem"
-				InsertLine "SSLCertificateFile apache.pem"
+			BeginGroupIfNoSuchLine "SSLCACertificatePath /etc/ssl/certs"
+				InsertLine "SSLCACertificatePath /etc/ssl/certs"
+				InsertLine "SSLCACertificateFile /etc/ssl/certs/cacert.pem"
 			EndGroup
 			ResetSearch "1"
 			UnsetAbort "^# END CFENGINE$"
 		EndGroup
 		BeginGroupIfFileExists "/etc/ssl/certs/apache.pem"
 			ResetSearch "1"
-			CommentLinesMatching "SSLCertificateFile"
+			HashCommentLinesMatching "SSLCertificateFile*"
 			CatchAbort
 			AbortAtLineMatching "^# END CFENGINE$"
 			LocateLineMatching "^# BEGIN CFENGINE$"
@@ -385,7 +389,7 @@ editfiles:
 		EndGroup
 		BeginGroupIfFileExists "/etc/ssl/private/apache.pem"
 			ResetSearch "1"
-			CommentLinesMatching "SSLCertificateKeyFile"
+			HashCommentLinesMatching "SSLCertificateKeyFile*"
 			CatchAbort
 			AbortAtLineMatching "^# END CFENGINE$"
 			LocateLineMatching "^# BEGIN CFENGINE$"