Hi Jesse, sorry for the delay in response.
/etc/ood/dex config is handled by the
ood-portal-generator app. The pieces of the app which specifically handle dex are in:
Which uses entries from:
If you scroll to the bottom of that yaml file, you can see the
dex: key which then has further attributes below you can set that will then be pulled into that
dex.rb file for use in constructing the config for dex.
For Apache SSL directives the relevant settings are found further up in that
ood_portal.yml where you can see the following:
List of SSL Apache directives
- ‘SSLCertificateFile “/etc/pki/tls/certs/www.example.com.crt”’
- ‘SSLCertificateKeyFile “/etc/pki/tls/private/www.example.com.key”’
Default: null (no SSL support)
As for the CAChain, catting that into your crt seems like the most straightforward way to handle the chain dependency assuming the proper order is maintained. However, this makes me realize there is nothing to handle the CAChain.crt at the moment, so that’s a good catch that we will have to address. I will be opening an issue to address this. Thanks for the question and please let us know if you need anything else.