Revision 6812
Added by ben leinfelder about 13 years ago
knb-ssl | ||
---|---|---|
18 | 18 |
JkMount /*.jsp ajp13 |
19 | 19 |
JkUnMount /knb/cgi-bin/* ajp13 |
20 | 20 |
</IfModule> |
21 |
|
|
21 | 22 |
# SSL Engine Switch: |
22 | 23 |
# Enable/Disable SSL for this virtual host. |
23 |
|
|
24 | 24 |
SSLEngine on |
25 |
|
|
25 | 26 |
# A self-signed (snakeoil) certificate can be created by installing |
26 | 27 |
# the ssl-cert package. See |
27 | 28 |
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info. |
... | ... | |
29 | 30 |
# SSLCertificateFile directive is needed. |
30 | 31 |
SSLCertificateFile /etc/ssl/certs/<your_cert_name>.crt |
31 | 32 |
SSLCertificateKeyFile /etc/ssl/private/<your_cert_name>.key |
33 |
|
|
34 |
# Certificate Authority (CA): |
|
35 |
# Set the CA certificate verification path where to find CA |
|
36 |
# certificates for client authentication or alternatively one |
|
37 |
# huge file containing all of them (file must be PEM encoded) |
|
38 |
# Note: Inside SSLCACertificatePath you need hash symlinks |
|
39 |
# to point to the certificate files. Use the provided |
|
40 |
# Makefile to update the hash symlinks after changes. |
|
41 |
SSLCACertificatePath /etc/ssl/certs/ |
|
42 |
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt |
|
43 |
|
|
44 |
# Client Authentication (Type): |
|
45 |
# Client certificate verification type and depth. Types are |
|
46 |
# none, optional, require and optional_no_ca. Depth is a |
|
47 |
# number which specifies how deeply to verify the certificate |
|
48 |
# issuer chain before deciding the certificate is not valid. |
|
49 |
<Location /knb/servlet/replication> |
|
50 |
SSLVerifyClient require |
|
51 |
SSLVerifyDepth 10 |
|
52 |
</Location> |
|
32 | 53 |
|
33 | 54 |
</VirtualHost> |
34 | 55 |
</IfModule> |
Also available in: Unified diff
include SSL settings for client certificate-based replication