Revision 7254
Added by ben leinfelder about 12 years ago
| docs/user/metacat/source/dataone.rst | ||
|---|---|---|
| 175 | 175 |
certificate file. Be sure to protect the certificate file, as it contains the |
| 176 | 176 |
private key that is used to authenticate this node within DataONE. |
| 177 | 177 |
|
| 178 |
.. Note:: |
|
| 179 |
For Tier 2 deployments and above, the Metacat Member Node must have Apache configured to request |
|
| 180 |
client certificates. Detailed instructions are included at the end of this chapter. |
|
| 181 |
|
|
| 178 | 182 |
The ``Enable DataONE Services`` checkbox allows the administrator to decide whether to |
| 179 | 183 |
turn on synchronization with the DataONE network. When this box is unchecked, the |
| 180 | 184 |
DataONE Coordinating Nodes will not attempt to synchronize at all, but when checked, |
| ... | ... | |
| 301 | 305 |
or can be set using the `CNReplication.setReplicationPolicy`_ service. |
| 302 | 306 |
|
| 303 | 307 |
.. _CNReplication.setReplicationPolicy: http://releases.dataone.org/online/d1-architecture-1.0.0/apis/CN_APIs.html#CNReplication.setReplicationPolicy |
| 308 |
|
|
| 309 |
Apache configuration details |
|
| 310 |
---------------------------- |
|
| 311 |
These Apache directives are crucial for Metacat to function as a Tier 2+ Member Node |
|
| 312 |
|
|
| 313 |
:: |
|
| 314 |
|
|
| 315 |
... |
|
| 316 |
AllowEncodedSlashes On |
|
| 317 |
AcceptPathInfo On |
|
| 318 |
JkOptions +ForwardURICompatUnparsed |
|
| 319 |
SSLEngine on |
|
| 320 |
SSLOptions +StrictRequire +StdEnvVars +ExportCertData |
|
| 321 |
SSLVerifyClient optional |
|
| 322 |
SSLVerifyDepth 10 |
|
| 323 |
SSLCertificateFile /etc/ssl/certs/<your_server_certificate> |
|
| 324 |
SSLCertificateKeyFile /etc/ssl/private/<your_server_key> |
|
| 325 |
SSLCACertificatePath /etc/ssl/certs/ |
|
| 326 |
... |
|
| 327 |
|
|
| 328 |
Where ``<your_server_certificate>`` and ``<your_server_key>`` are the certificate/key pair used by Apache |
|
| 329 |
to identify the server to clients. The DataONE Certiciate Authority certificate - available from the DataONE administrators - |
|
| 330 |
will also need to be added to the directory specified by ``SSLCACertificatePath`` |
|
| 331 |
in order to validate client certificates signed by that authority. |
|
| 332 |
When these changes have been applied, Apache should be restarted: |
|
| 333 |
|
|
| 334 |
:: |
|
| 335 |
|
|
| 336 |
cd /etc/ssl/certs |
|
| 337 |
sudo c_rehash |
|
| 338 |
sudo /etc/init.d/apache2 restart |
|
Also available in: Unified diff
Add details for configuring Apache to use client certificate authentication.