diff options
Diffstat (limited to 'README')
-rw-r--r-- | README | 24 |
1 files changed, 23 insertions, 1 deletions
@@ -60,7 +60,6 @@ GnuTLSCache dbm conf/gnutls_cache | |||
60 | GnuTLSX509CertificateFile conf/server.cert | 60 | GnuTLSX509CertificateFile conf/server.cert |
61 | </VirtualHost> | 61 | </VirtualHost> |
62 | 62 | ||
63 | |||
64 | # a more advanced configuration | 63 | # a more advanced configuration |
65 | GnuTLSCache dbm "/var/cache/www-tls-cache/cache" | 64 | GnuTLSCache dbm "/var/cache/www-tls-cache/cache" |
66 | GnuTLSCacheTimeout 600 | 65 | GnuTLSCacheTimeout 600 |
@@ -87,3 +86,26 @@ NameVirtualHost 1.2.3.4:443 | |||
87 | GnuTLSX509CAFile ca.pem | 86 | GnuTLSX509CAFile ca.pem |
88 | ... | 87 | ... |
89 | </VirtualHost> | 88 | </VirtualHost> |
89 | |||
90 | # A setup for OpenPGP and X.509 authentication | ||
91 | <VirtualHost 1.2.3.4:443> | ||
92 | Servername crystal.lan:443 | ||
93 | GnuTLSEnable on | ||
94 | GnuTLSPriorities NORMAL:+COMP-NULL | ||
95 | |||
96 | # setup the openpgp keys | ||
97 | GnuTLSPGPCertificateFile /etc/apache2/test.pub.asc | ||
98 | GnuTLSPGPKeyFile /etc/apache2/test.sec.asc | ||
99 | |||
100 | # and the X.509 keys | ||
101 | GnuTLSCertificateFile /etc/apache2/server-cert.pem | ||
102 | GnuTLSKeyFile /etc/apache2/server-key.pem | ||
103 | GnuTLSClientVerify ignore | ||
104 | |||
105 | # To avoid using the default DH params | ||
106 | GnuTLSDHFile /etc/apache2/dh.pem | ||
107 | |||
108 | # these are only needed if GnuTLSClientVerify != ignore | ||
109 | GnuTLSClientCAFile ca.pem | ||
110 | GnuTLSPGPKeyringFile /etc/apache2/ring.asc | ||
111 | </VirtualHost> | ||