diff options
Diffstat (limited to 'sca-cpp/trunk/modules/http/httpd-ssl-conf')
-rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-ssl-conf | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf index 77a4898e74..9de67ff716 100755 --- a/sca-cpp/trunk/modules/http/httpd-ssl-conf +++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf @@ -129,6 +129,18 @@ SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [sslaccess] %h %l %u %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{SSL_CLIENT_I_DN}x\" \"%{SSL_CLIENT_S_DN}x\" \"%{cookie}n\" %A %V %D %I %O" sslcombined CustomLog $root/logs/ssl_access_log sslcombined +# Enable HTTPS reverse proxy +ProxyRequests Off +ProxyPreserveHost Off +ProxyStatus On +SSLProxyEngine on +SSLProxyCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + +# Verify server certificates +SSLProxyVerify require +SSLProxyVerifyDepth 1 +SSLProxyCheckPeerCN Off + EOF proxycert="server" @@ -144,8 +156,12 @@ Include conf/vhost-ssl.conf # Declare SSL certificates used in this virtual host SSLCACertificateFile "$root/cert/ca.crt" SSLCertificateChainFile "$root/cert/ca.crt" -SSLCertificateFile "$root/cert/server.crt" -SSLCertificateKeyFile "$root/cert/server.key" +SSLCertificateFile "$root/cert/vhost.crt" +SSLCertificateKeyFile "$root/cert/vhost.key" + +# Declare proxy SSL client certificates +SSLProxyCACertificateFile "$root/cert/ca.crt" +SSLProxyMachineCertificateFile "$root/cert/$proxycert.pem" EOF |