Revision 6812
Added by ben leinfelder almost 13 years ago
| src/scripts/debian/knb-ssl | ||
|---|---|---|
| 18 | 18 |
JkMount /*.jsp ajp13 |
| 19 | 19 |
JkUnMount /knb/cgi-bin/* ajp13 |
| 20 | 20 |
</IfModule> |
| 21 |
|
|
| 21 | 22 |
# SSL Engine Switch: |
| 22 | 23 |
# Enable/Disable SSL for this virtual host. |
| 23 |
|
|
| 24 | 24 |
SSLEngine on |
| 25 |
|
|
| 25 | 26 |
# A self-signed (snakeoil) certificate can be created by installing |
| 26 | 27 |
# the ssl-cert package. See |
| 27 | 28 |
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info. |
| ... | ... | |
| 29 | 30 |
# SSLCertificateFile directive is needed. |
| 30 | 31 |
SSLCertificateFile /etc/ssl/certs/<your_cert_name>.crt |
| 31 | 32 |
SSLCertificateKeyFile /etc/ssl/private/<your_cert_name>.key |
| 33 |
|
|
| 34 |
# Certificate Authority (CA): |
|
| 35 |
# Set the CA certificate verification path where to find CA |
|
| 36 |
# certificates for client authentication or alternatively one |
|
| 37 |
# huge file containing all of them (file must be PEM encoded) |
|
| 38 |
# Note: Inside SSLCACertificatePath you need hash symlinks |
|
| 39 |
# to point to the certificate files. Use the provided |
|
| 40 |
# Makefile to update the hash symlinks after changes. |
|
| 41 |
SSLCACertificatePath /etc/ssl/certs/ |
|
| 42 |
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt |
|
| 43 |
|
|
| 44 |
# Client Authentication (Type): |
|
| 45 |
# Client certificate verification type and depth. Types are |
|
| 46 |
# none, optional, require and optional_no_ca. Depth is a |
|
| 47 |
# number which specifies how deeply to verify the certificate |
|
| 48 |
# issuer chain before deciding the certificate is not valid. |
|
| 49 |
<Location /knb/servlet/replication> |
|
| 50 |
SSLVerifyClient require |
|
| 51 |
SSLVerifyDepth 10 |
|
| 52 |
</Location> |
|
| 32 | 53 |
|
| 33 | 54 |
</VirtualHost> |
| 34 | 55 |
</IfModule> |
Also available in: Unified diff
include SSL settings for client certificate-based replication