Project

General

Profile

« Previous | Next » 

Revision 8707

include SSLVerify* directives for client certificates and a pointer for getting the DataONE chain files.

View differences:

src/scripts/debian/metacat-site-ssl
45 45
        #   Note: Inside SSLCACertificatePath you need hash symlinks
46 46
        #         to point to the certificate files. Use the provided
47 47
        #         Makefile to update the hash symlinks after changes.
48
        # Use the correct DataONE chain for validating client certificates
49
        # see: https://repository.dataone.org/software/tools/trunk/ca
48 50
        SSLCACertificatePath /etc/ssl/certs/
49
        #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
51
        #SSLCACertificateFile /etc/ssl/certs/DataONECAChain.crt
52
        SSLVerifyClient optional
53
        SSLVerifyDepth  10
50 54
        
51 55
        #   Client Authentication (Type):
52 56
        #   Client certificate verification type and depth.  Types are

Also available in: Unified diff