diff options
Diffstat (limited to 'README')
| -rw-r--r-- | README | 34 |
1 files changed, 6 insertions, 28 deletions
| @@ -54,12 +54,13 @@ GnuTLSCache dbm conf/gnutls_cache | |||
| 54 | GnuTLSEnable On | 54 | GnuTLSEnable On |
| 55 | 55 | ||
| 56 | # This is the Private key for your server. | 56 | # This is the Private key for your server. |
| 57 | GnuTLSX509KeyFile conf/server.key | 57 | GnuTLSKeyFile conf/server.key |
| 58 | 58 | ||
| 59 | # This is the Server Certificate. | 59 | # This is the Server Certificate. |
| 60 | GnuTLSX509CertificateFile conf/server.cert | 60 | GnuTLSCertificateFile conf/server.cert |
| 61 | </VirtualHost> | 61 | </VirtualHost> |
| 62 | 62 | ||
| 63 | |||
| 63 | # a more advanced configuration | 64 | # a more advanced configuration |
| 64 | GnuTLSCache dbm "/var/cache/www-tls-cache/cache" | 65 | GnuTLSCache dbm "/var/cache/www-tls-cache/cache" |
| 65 | GnuTLSCacheTimeout 600 | 66 | GnuTLSCacheTimeout 600 |
| @@ -72,8 +73,8 @@ NameVirtualHost 1.2.3.4:443 | |||
| 72 | # To export exactly the same environment variables as mod_ssl to CGI scripts. | 73 | # To export exactly the same environment variables as mod_ssl to CGI scripts. |
| 73 | GNUTLSExportCertificates on | 74 | GNUTLSExportCertificates on |
| 74 | 75 | ||
| 75 | GnuTLSX509CertificateFile /etc/apache2/server-cert.pem | 76 | GnuTLSCertificateFile /etc/apache2/server-cert.pem |
| 76 | GnuTLSX509KeyFile /etc/apache2/server-key.pem | 77 | GnuTLSKeyFile /etc/apache2/server-key.pem |
| 77 | 78 | ||
| 78 | # To enable SRP you must have these files installed. Check the gnutls srptool. | 79 | # To enable SRP you must have these files installed. Check the gnutls srptool. |
| 79 | GnuTLSSRPPasswdFile /etc/apache2/tpasswd | 80 | GnuTLSSRPPasswdFile /etc/apache2/tpasswd |
| @@ -83,29 +84,6 @@ NameVirtualHost 1.2.3.4:443 | |||
| 83 | # GnuTLSClientVerify could be ignore or require. The GnuTLSClientCAFile | 84 | # GnuTLSClientVerify could be ignore or require. The GnuTLSClientCAFile |
| 84 | # contains the CAs to verify client certificates. | 85 | # contains the CAs to verify client certificates. |
| 85 | GnuTLSClientVerify request | 86 | GnuTLSClientVerify request |
| 86 | GnuTLSX509CAFile ca.pem | ||
| 87 | ... | ||
| 88 | </VirtualHost> | ||
| 89 | |||
| 90 | # A setup for OpenPGP and X.509 authentication | ||
| 91 | <VirtualHost 1.2.3.4:443> | ||
| 92 | Servername crystal.lan:443 | ||
| 93 | GnuTLSEnable on | ||
| 94 | GnuTLSPriorities NORMAL:+COMP-NULL | ||
| 95 | |||
| 96 | # setup the openpgp keys | ||
| 97 | GnuTLSPGPCertificateFile /etc/apache2/test.pub.asc | ||
| 98 | GnuTLSPGPKeyFile /etc/apache2/test.sec.asc | ||
| 99 | |||
| 100 | # and the X.509 keys | ||
| 101 | GnuTLSCertificateFile /etc/apache2/server-cert.pem | ||
| 102 | GnuTLSKeyFile /etc/apache2/server-key.pem | ||
| 103 | GnuTLSClientVerify ignore | ||
| 104 | |||
| 105 | # To avoid using the default DH params | ||
| 106 | GnuTLSDHFile /etc/apache2/dh.pem | ||
| 107 | |||
| 108 | # these are only needed if GnuTLSClientVerify != ignore | ||
| 109 | GnuTLSClientCAFile ca.pem | 87 | GnuTLSClientCAFile ca.pem |
| 110 | GnuTLSPGPKeyringFile /etc/apache2/ring.asc | 88 | ... |
| 111 | </VirtualHost> | 89 | </VirtualHost> |