Project

General

Profile

« Previous | Next » 

Revision 6812

include SSL settings for client certificate-based replication

View differences:

knb-ssl
18 18
                JkMount /*.jsp ajp13
19 19
                JkUnMount /knb/cgi-bin/* ajp13
20 20
        </IfModule>
21
        
21 22
        #   SSL Engine Switch:
22 23
        #   Enable/Disable SSL for this virtual host.
23

  
24 24
        SSLEngine on
25
        
25 26
        #   A self-signed (snakeoil) certificate can be created by installing
26 27
        #   the ssl-cert package. See
27 28
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
......
29 30
        #   SSLCertificateFile directive is needed.
30 31
        SSLCertificateFile /etc/ssl/certs/<your_cert_name>.crt
31 32
        SSLCertificateKeyFile /etc/ssl/private/<your_cert_name>.key
33
        
34
        #   Certificate Authority (CA):
35
        #   Set the CA certificate verification path where to find CA
36
        #   certificates for client authentication or alternatively one
37
        #   huge file containing all of them (file must be PEM encoded)
38
        #   Note: Inside SSLCACertificatePath you need hash symlinks
39
        #         to point to the certificate files. Use the provided
40
        #         Makefile to update the hash symlinks after changes.
41
        SSLCACertificatePath /etc/ssl/certs/
42
        #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
43
        
44
        #   Client Authentication (Type):
45
        #   Client certificate verification type and depth.  Types are
46
        #   none, optional, require and optional_no_ca.  Depth is a
47
        #   number which specifies how deeply to verify the certificate
48
        #   issuer chain before deciding the certificate is not valid.
49
        <Location /knb/servlet/replication>
50
                SSLVerifyClient require
51
                SSLVerifyDepth  10
52
        </Location>
32 53

  
33 54
</VirtualHost>
34 55
</IfModule>

Also available in: Unified diff