# This is an example configuration file for Apache-SSL.
# Copyright (C) 1995,6,7 Ben Laurie

# By popular demand, this file now illustrates the way to create two websites,
# one secured (on port 8887), the other not (on port 8888).

# You may need one of these
#User webuser

# SSL Servers MUST be standalone, currently.
ServerType standalone

# The default port for SSL is 443...
Port 8887
Listen 8887
Listen 8888

# My test document root
DocumentRoot /u/ben/www/1/docs

# Note that all SSL options can apply to virtual hosts.

# Disable SSL. Useful in combination with virtual hosts.
#SSLDisable

# Set the CA certificate verification path (must be PEM encoded).
# (in addition to getenv("SSL_CERT_DIR"), I think).
SSLCACertificatePath /u/ben/apache/apache_1.2.4-ssl/SSLconf/conf

# Set the CA certificate verification file (must be PEM encoded).
# (in addition to getenv("SSL_CERT_FILE"), I think).
#SSLCACertificateFile /some/where/somefile
#SSLCACertificateFile /u/ben/apache/apache_1.2.4-ssl/SSLconf/conf/httpsd.pem

# Point SSLCertificateFile at a PEM encoded certificate.
# If the certificate is encrypted, then you will be prompted for a pass phrase.
# Note that a kill -1 will prompt again.
# A test certificate can be generated with "make certificate".
SSLCertificateFile /u/ben/apache/apache_1.2.4-ssl/SSLconf/conf/httpsd.pem

# If the key is not combined with the certificate, use this directive to
# point at the key file. If this starts with a '/' it specifies an absolute
# path, otherwise it is relative to the default certificate area. That is, it
# means "/private/".
#SSLCertificateKeyFile /some/place/with/your.key

# Set SSLVerifyClient to:
# 0 if no certificate is required
# 1 if the client may present a valid certificate
# 2 if the client must present a valid certificate
# 3 if the client may present a valid certificate but it is not required to
#   have a valid CA
SSLVerifyClient 0

# How deeply to verify before deciding they don't have a valid certificate
SSLVerifyDepth 10

# Translate the client X509 into a Basic authorisation. This means that the
# standard Auth/DBMAuth methods can be used for access control. The user name
# is the "one line" version of the client's X509 certificate. Note that no
# password is obtained from the user. Every entry in the user file needs this
# password: xxj31ZMTZzkVA. See the code for further explanation.
SSLFakeBasicAuth

# A home for miscellaneous rubbish generated by SSL. Much of it is duplicated
# in the error log file.
SSLLogFile /tmp/ssl.log

# Custom logging
CustomLog logs/ssl_log "%t %{version}c %{cipher}c %{clientcert}c"

SSLDisable

# New and undocumented directives
#SSLRequiredCiphers
#SSLRequireCipher
#SSLBanCipher

# Experiment with authorization...
#
#AuthType Basic
#AuthName Experimental
#AuthGroupFile /dev/null
#AuthUserFile /u/ben/www/1/users
#
#allow from all
#require valid-user
#
#

ScriptAlias /scripts /u/ben/www/scripts