Project

General

Profile

1 4926 daigle
<IfModule mod_ssl.c>
2 4990 tao
NameVirtualHost *:443
3 4926 daigle
<VirtualHost *:443>
4 6558 leinfelder
        DocumentRoot /var/lib/tomcat6/webapps/knb
5 4926 daigle
6 6558 leinfelder
        ScriptAlias /knb/cgi-bin/ /var/lib/tomcat6/webapps/knb/cgi-bin/
7
        <Directory "/var/lib/tomcat6/webapps/knb/cgi-bin/">
8 4926 daigle
                AllowOverride All
9
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
10
                Order allow,deny
11
                Allow from all
12
        </Directory>
13
14
        <IfModule mod_jk.c>
15
                JkMount /knb ajp13
16
                JkMount /knb/* ajp13
17
                JkMount /knb/metacat ajp13
18
                JkMount /*.jsp ajp13
19
                JkUnMount /knb/cgi-bin/* ajp13
20 7052 pippin
21
                JkOptions +ForwardURICompatUnparsed
22 4926 daigle
        </IfModule>
23 7052 pippin
24
        AllowEncodedSlashes On
25
        AcceptPathInfo      On
26 6812 leinfelder
27 4926 daigle
        #   SSL Engine Switch:
28
        #   Enable/Disable SSL for this virtual host.
29
        SSLEngine on
30 6812 leinfelder
31 4926 daigle
        #   A self-signed (snakeoil) certificate can be created by installing
32
        #   the ssl-cert package. See
33
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
34
        #   If both key and certificate are stored in the same file, only the
35
        #   SSLCertificateFile directive is needed.
36
        SSLCertificateFile /etc/ssl/certs/<your_cert_name>.crt
37
        SSLCertificateKeyFile /etc/ssl/private/<your_cert_name>.key
38 6812 leinfelder
39
        #   Certificate Authority (CA):
40
        #   Set the CA certificate verification path where to find CA
41
        #   certificates for client authentication or alternatively one
42
        #   huge file containing all of them (file must be PEM encoded)
43
        #   Note: Inside SSLCACertificatePath you need hash symlinks
44
        #         to point to the certificate files. Use the provided
45
        #         Makefile to update the hash symlinks after changes.
46
        SSLCACertificatePath /etc/ssl/certs/
47
        #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
48
49
        #   Client Authentication (Type):
50
        #   Client certificate verification type and depth.  Types are
51
        #   none, optional, require and optional_no_ca.  Depth is a
52
        #   number which specifies how deeply to verify the certificate
53
        #   issuer chain before deciding the certificate is not valid.
54
        <Location /knb/servlet/replication>
55
                SSLVerifyClient require
56
                SSLVerifyDepth  10
57
        </Location>
58 4926 daigle
59
</VirtualHost>
60
</IfModule>