Diffstat (limited to 'README')
-rw-r--r-- | README | 34 |
1 files changed, 6 insertions, 28 deletions
@@ -54,12 +54,13 @@ GnuTLSCache dbm conf/gnutls_cache | |||
54 | GnuTLSEnable On | 54 | GnuTLSEnable On |
55 | 55 | ||
56 | # This is the Private key for your server. | 56 | # This is the Private key for your server. |
57 | GnuTLSX509KeyFile conf/server.key | 57 | GnuTLSKeyFile conf/server.key |
58 | 58 | ||
59 | # This is the Server Certificate. | 59 | # This is the Server Certificate. |
60 | GnuTLSX509CertificateFile conf/server.cert | 60 | GnuTLSCertificateFile conf/server.cert |
61 | </VirtualHost> | 61 | </VirtualHost> |
62 | 62 | ||
63 | |||
63 | # a more advanced configuration | 64 | # a more advanced configuration |
64 | GnuTLSCache dbm "/var/cache/www-tls-cache/cache" | 65 | GnuTLSCache dbm "/var/cache/www-tls-cache/cache" |
65 | GnuTLSCacheTimeout 600 | 66 | GnuTLSCacheTimeout 600 |
@@ -72,8 +73,8 @@ NameVirtualHost 1.2.3.4:443 | |||
72 | # To export exactly the same environment variables as mod_ssl to CGI scripts. | 73 | # To export exactly the same environment variables as mod_ssl to CGI scripts. |
73 | GNUTLSExportCertificates on | 74 | GNUTLSExportCertificates on |
74 | 75 | ||
75 | GnuTLSX509CertificateFile /etc/apache2/server-cert.pem | 76 | GnuTLSCertificateFile /etc/apache2/server-cert.pem |
76 | GnuTLSX509KeyFile /etc/apache2/server-key.pem | 77 | GnuTLSKeyFile /etc/apache2/server-key.pem |
77 | 78 | ||
78 | # To enable SRP you must have these files installed. Check the gnutls srptool. | 79 | # To enable SRP you must have these files installed. Check the gnutls srptool. |
79 | GnuTLSSRPPasswdFile /etc/apache2/tpasswd | 80 | GnuTLSSRPPasswdFile /etc/apache2/tpasswd |
@@ -83,29 +84,6 @@ NameVirtualHost 1.2.3.4:443 | |||
83 | # GnuTLSClientVerify could be ignore or require. The GnuTLSClientCAFile | 84 | # GnuTLSClientVerify could be ignore or require. The GnuTLSClientCAFile |
84 | # contains the CAs to verify client certificates. | 85 | # contains the CAs to verify client certificates. |
85 | GnuTLSClientVerify request | 86 | GnuTLSClientVerify request |
86 | GnuTLSX509CAFile ca.pem | ||
87 | ... | ||
88 | </VirtualHost> | ||
89 | |||
90 | # A setup for OpenPGP and X.509 authentication | ||
91 | <VirtualHost 1.2.3.4:443> | ||
92 | Servername crystal.lan:443 | ||
93 | GnuTLSEnable on | ||
94 | GnuTLSPriorities NORMAL:+COMP-NULL | ||
95 | |||
96 | # setup the openpgp keys | ||
97 | GnuTLSPGPCertificateFile /etc/apache2/test.pub.asc | ||
98 | GnuTLSPGPKeyFile /etc/apache2/test.sec.asc | ||
99 | |||
100 | # and the X.509 keys | ||
101 | GnuTLSCertificateFile /etc/apache2/server-cert.pem | ||
102 | GnuTLSKeyFile /etc/apache2/server-key.pem | ||
103 | GnuTLSClientVerify ignore | ||
104 | |||
105 | # To avoid using the default DH params | ||
106 | GnuTLSDHFile /etc/apache2/dh.pem | ||
107 | |||
108 | # these are only needed if GnuTLSClientVerify != ignore | ||
109 | GnuTLSClientCAFile ca.pem | 87 | GnuTLSClientCAFile ca.pem |
110 | GnuTLSPGPKeyringFile /etc/apache2/ring.asc | 88 | ... |
111 | </VirtualHost> | 89 | </VirtualHost> |