Hi all -
I’m in the process of adding my own certificates to the IPFire Apache configuration to get rid of browser warnings. I have created my own CA for that purpose and added the certificate to my browser / host configuriation. This is working well with all of my internal servers.
My question is: Why does /etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf show redundant lines regarding the SSL certificates? I’m referring to the last 4 lines in this block of text:
SSLEngine on SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite AESGCM+EECDH:CHACHA20+EECDH:@STRENGTH:+aRSA SSLHonorCipherOrder on SSLCompression off SSLSessionTickets off SSLCertificateFile /etc/httpd/server.crt SSLCertificateKeyFile /etc/httpd/server.key SSLCertificateFile /etc/httpd/server-ecdsa.crt SSLCertificateKeyFile /etc/httpd/server-ecdsa.key
Isn’t it sufficient to have only one certificate and one key file instead of two named “ecsda”?