Customizing SSL or Virtual Host Configuration

Customizations to the default SSL configuration file (in /etc/httpd/conf.d/) or default virtual host configuration file (in /etc/httpd/conf.d/vhost.d/) may be overwritten during a TOS or TufinOS upgrade.

To change the location of the certificate, follow the instructions in Importing SSL Certificates. If you manually change the location directly in the ssl.conf file, your customizations will be lost during an upgrade.

Custom configuration files are not backed up by the TOS backup command, and are not synced between the active and standby servers in an HA environment. You must make your own backups of these files, and you must manually copy them to both servers in an HA environment.

Customizations to SSL Configuration

  1. In the directory /etc/httpd/conf.d/, edit the global configuration file user-global.conf.

    # cd /etc/httpd/conf.d/
    # vi user-global.conf

  2. Move all customized global key-value pairs into the file user-global.conf, for example (if modified):

    SSLSessionCacheTimeout 100

  3. Change the ownership and access permission of your custom configuration file.

    # chown st:st user-global.conf
    # chmod 644 user-global.conf

Customizations to Virtual Host Configuration

  1. In the directory /etc/httpd/conf.d/vhost.d/ create a configuration file.

    For example, create a custom configuration file called uservhostchange.conf:

    # cd /etc/httpd/conf.d/vhost.d
    # vi uservhostchange.conf

  2. Move all customized vhost key-value pairs into the configuration file you created in the vhost.d folder, for example (if modified):

    SSLVerifyDepth 11

  3. Change the ownership and access permission of your custom configuration file.

    # chown st:st uservhostchange.conf
    # chmod 644 uservhostchange.conf

  4. Restart HTTPD:

    # systemctl restart httpd
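
Because these custom files are not covered by the TOS backup command or HA sync, the following added example (not part of the original page or of TOS) audits their ownership and mode and archives them with a checksum manifest. The file paths, st:st and 644 come from the steps above; the function names, the --run switch and the backup directory /root/httpd-custom-backup are assumptions of this example.

```shell
#!/bin/bash
# Added example: audit and back up the custom httpd files from this page.
# Function names and the backup directory are assumptions, not TOS tooling.

CUSTOM_FILES="/etc/httpd/conf.d/user-global.conf
/etc/httpd/conf.d/vhost.d/uservhostchange.conf"

# check_custom_conf FILE OWNER:GROUP MODE
# Returns 0 only if FILE exists with the expected owner and octal mode.
check_custom_conf() {
    cc_file=$1; cc_owner=$2; cc_mode=$3; cc_bad=0
    if [ ! -f "$cc_file" ]; then
        echo "MISSING $cc_file"
        return 1
    fi
    cc_got_owner=$(stat -c '%U:%G' "$cc_file")
    cc_got_mode=$(stat -c '%a' "$cc_file")
    [ "$cc_got_owner" = "$cc_owner" ] ||
        { echo "OWNER $cc_file: $cc_got_owner (expected $cc_owner)"; cc_bad=1; }
    [ "$cc_got_mode" = "$cc_mode" ] ||
        { echo "MODE $cc_file: $cc_got_mode (expected $cc_mode)"; cc_bad=1; }
    return $cc_bad
}

# backup_custom_conf DEST_DIR FILE...
# Archives the files (permissions preserved) and writes a SHA-256 manifest
# next to the archive. Prints the archive path on success.
backup_custom_conf() {
    bk_dest=$1; shift
    mkdir -p "$bk_dest" || return 1
    chmod 700 "$bk_dest" || return 1
    bk_archive="$bk_dest/httpd-custom-$(date +%Y%m%d-%H%M%S).tar.gz"
    # tar strips the leading "/" from member names and says so on stderr.
    tar -czpf "$bk_archive" "$@" || return 1
    sha256sum "$@" > "$bk_archive.sha256" || return 1
    echo "$bk_archive"
}

# Run as root with --run to audit and back up the files named on this page.
if [ "${1:-}" = "--run" ]; then
    failed=0
    for f in $CUSTOM_FILES; do
        check_custom_conf "$f" st:st 644 || failed=1
    done
    [ "$failed" -eq 0 ] && backup_custom_conf /root/httpd-custom-backup $CUSTOM_FILES
    exit "$failed"
fi
```

The manifest records absolute paths, so after copying the files to the other server in an HA environment, running `sha256sum -c` against the same manifest there confirms both servers hold identical custom configuration.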