<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="SSLProxyMachineCertificateFile" id="SSLProxyMachineCertificateFile">SSLProxyMachineCertificateFile</a> <a name="sslproxymachinecertificatefile" id="sslproxymachinecertificatefile">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>File of concatenated PEM-encoded CA certificates for proxy server client certificates</td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyMachineCertificateFile <em>filename</em></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Not applicable</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
</table>
<p>
-This directive sets the all-in-one file where you keep the certificates of
-Certification Authorities (CAs) whose proxy client certificates are used for
-authentication of the proxy server to remote servers.
+This directive sets the all-in-one file where you keep the certificates and
+keys used for authentication of the proxy server to remote servers.
</p>
<p>
This referenced file is simply the concatenation of the various PEM-encoded
certificate files, in order of preference. Use this directive alternatively
or additionally to <code>SSLProxyMachineCertificatePath</code>.
</p>
+<div class="warning">
+<p>Currently there is no support for encrypted private keys</p>
+</div>
<p>
Example:</p>
<div class="example"><p><code>
-SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/
-</code></p></div>
+SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/proxy.pem
+</code></p></div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="SSLProxyMachineCertificatePath" id="SSLProxyMachineCertificatePath">SSLProxyMachineCertificatePath</a> <a name="sslproxymachinecertificatepath" id="sslproxymachinecertificatepath">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Directory of PEM-encoded CA certificates for proxy server client certificates</td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyMachineCertificatePath <em>directory</em></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Not applicable</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
</table>
<p>
-This directive sets the directory where you keep the certificates of
-Certification Authorities (CAs) whose proxy client certificates are used for
-authentication of the proxy server to remote servers.
+This directive sets the directory where you keep the certificates and
+keys used for authentication of the proxy server to remote servers.
</p>
<p>The files in this directory must be PEM-encoded and are accessed through
hash filenames. Additionally, you must create symbolic links named
directory contains the appropriate symbolic links. Use the Makefile which
comes with mod_ssl to accomplish this task.
</p>
+<div class="warning">
+<p>Currently there is no support for encrypted private keys</p>
+</div>
<p>
Example:</p>
<div class="example"><p><code>
-SSLProxyMachineCertificatePath /usr/local/apache2/conf/ssl.crt/
+SSLProxyMachineCertificatePath /usr/local/apache2/conf/proxy.crt/
</code></p></div>
</div>
<directivesynopsis>
<name>SSLProxyMachineCertificatePath</name>
-<description>Directory of PEM-encoded CA certificates for proxy server client certificates</description>
+<description>Directory of PEM-encoded client certificates and keys to be used by the proxy</description>
<syntax>SSLProxyMachineCertificatePath <em>directory</em></syntax>
<contextlist><context>server config</context></contextlist>
<override>Not applicable</override>
<usage>
<p>
-This directive sets the directory where you keep the certificates of
-Certification Authorities (CAs) whose proxy client certificates are used for
-authentication of the proxy server to remote servers.
+This directive sets the directory where you keep the certificates and
+keys used for authentication of the proxy server to remote servers.
</p>
<p>The files in this directory must be PEM-encoded and are accessed through
hash filenames. Additionally, you must create symbolic links named
directory contains the appropriate symbolic links. Use the Makefile which
comes with mod_ssl to accomplish this task.
</p>
+<note type="warning">
+<p>Currently there is no support for encrypted private keys</p>
+</note>
<p>
Example:</p>
<example>
-SSLProxyMachineCertificatePath /usr/local/apache2/conf/ssl.crt/
+SSLProxyMachineCertificatePath /usr/local/apache2/conf/proxy.crt/
</example>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>SSLProxyMachineCertificateFile</name>
-<description>File of concatenated PEM-encoded CA certificates for proxy server client certificates</description>
+<description>File of concatenated PEM-encoded client certificates and keys to be used by the proxy</description>
<syntax>SSLProxyMachineCertificateFile <em>filename</em></syntax>
<contextlist><context>server config</context></contextlist>
<override>Not applicable</override>
<usage>
<p>
-This directive sets the all-in-one file where you keep the certificates of
-Certification Authorities (CAs) whose proxy client certificates are used for
-authentication of the proxy server to remote servers.
+This directive sets the all-in-one file where you keep the certificates and
+keys used for authentication of the proxy server to remote servers.
</p>
<p>
This referenced file is simply the concatenation of the various PEM-encoded
certificate files, in order of preference. Use this directive alternatively
or additionally to <code>SSLProxyMachineCertificatePath</code>.
</p>
+<note type="warning">
+<p>Currently there is no support for encrypted private keys</p>
+</note>
<p>
Example:</p>
<example>
-SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/
-</example>
-</usage>
+SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/proxy.pem
+</example>
+</usage>
</directivesynopsis>
<directivesynopsis>
<tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL
proxy handshake</td></tr>
<tr><td><a href="mod_ssl.html#sslproxyengine">SSLProxyEngine on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Proxy Engine Operation Switch</td></tr>
-<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatefile">SSLProxyMachineCertificateFile <em>filename</em></a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA certificates for proxy server client certificates</td></tr>
-<tr><td><a href="mod_ssl.html#sslproxymachinecertificatepath">SSLProxyMachineCertificatePath <em>directory</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Directory of PEM-encoded CA certificates for proxy server client certificates</td></tr>
+<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatefile">SSLProxyMachineCertificateFile <em>filename</em></a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr>
+<tr><td><a href="mod_ssl.html#sslproxymachinecertificatepath">SSLProxyMachineCertificatePath <em>directory</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslproxyprotocol">SSLProxyProtocol [+|-]<em>protocol</em> ...</a></td><td> all </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Configure usable SSL protocol flavors for proxy usage</td></tr>
<tr><td><a href="mod_ssl.html#sslproxyverify">SSLProxyVerify <em>level</em></a></td><td> none </td><td>svdh</td><td>E</td></tr><tr><td class="descr" colspan="4">Type of remote server Certificate verification</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslproxyverifydepth">SSLProxyVerifyDepth <em>number</em></a></td><td> 1 </td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Maximum depth of CA Certificates in Remote Server
projects / apache / commitdiff