  • docs/mod_gnutls_manual.mdwn

    r031acac rf030883  
    153153---------------
    154154
    155 Set to the PEM Encoded Server Certificate
    156 
    157     GnuTLSCertificateFile FILEPATH
    158 
    159 Default: *none*\
    160 Context: server config, virtual host
    161 
    162 Takes an absolute or relative path to the Server Private Key.  This
    163 key cannot currently be password protected.
     155Set to the PEM Encoded Server Private Key
     156
     157    GnuTLSKeyFile FILEPATH
     158
     159Default: *none*\
     160Context: server config, virtual host
     161
     162Takes an absolute or relative path to the Server Private Key. This key
     163cannot currently be password protected.
    164164
    165165**Security Warning:**\
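Review bot: At new lines 162-163 the `GnuTLSKeyFile` text accepts an "absolute or relative path" but never says what a relative path is resolved against. For a private key that matters: an administrator should be able to tell from the manual exactly which file will be loaded. Suggest naming the base directory the module actually uses, or recommending absolute paths for key material. The rest of the hunk (directive name and summary now match the key file rather than the certificate file) reads correctly.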
     
    367367as protection against statistical attacks to ciphertext data in order to
    368368achieve maximum compatibility (some broken mobile clients need this).
    369 
    370 `GnuTLSPIN`
    371 ------------------
    372 
    373 Set the PIN to be used to access encrypted key files or PKCS #11 objects.
    374 
    375     GnuTLSPIN XXXXXX
    376 
    377 Default: *none*\
    378 Context: server config, virtual host
    379 
    380 Takes a string to be used as a PIN for the protected objects in
    381 a security module, or as a key to be used to decrypt PKCS #8, PKCS #12,
    382 or openssl encrypted keys.
    383 
    384 `GnuTLSSRKPIN`
    385 ------------------
    386 
    387 Set the SRK PIN to be used to unlaccess the TPM.
    388 
    389     GnuTLSSRKPIN XXXXXX
    390 
    391 Default: *none*\
    392 Context: server config, virtual host
    393 
    394 Takes a string to be used as a PIN for the protected objects in
    395 the TPM module.
    396369
    397370`GnuTLSExportCertificates`
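Review bot: Removing the `GnuTLSPIN` and `GnuTLSSRKPIN` sections (old lines 370-395) leaves the manual with no description of how encrypted key files, PKCS #11 objects or TPM-protected keys are unlocked. Please confirm both directives are absent from the code at this revision. If either is still accepted by the module, keep its section, and correct "unlaccess" at old line 387 while there. If they are gone, this is consistent with the "cannot currently be password protected" wording in the `GnuTLSKeyFile` section, and a short note that such keys are unsupported here would save readers from searching for the directive.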
     
    422395With GnuTLSExportCertificates enabled, `mod_gnutls` exports the same
    423396environment variables to the CGI process as `mod_ssl`.
     397
     398
     399`SSLProxyEngine`
     400--------------
     401
     402Enable TLS proxy connections for this virtual host
     403
     404    SSLProxyEngine [on|off]
     405
     406Default: *off*\
     407Context: virtual host
     408
     409This directive enables support for TLS proxy connections for a virtual
     410host.
     411
     412`GnuTLSProxyCAFile`
     413--------------------
     414
     415Set to the PEM encoded Certificate Authority Certificate
     416
     417    GnuTLSProxyCAFile FILEPATH
     418
     419Default: *none*\
     420Context: server config, virtual host
     421
     422Takes an absolute or relative path to a PEM encoded certificate to use
     423as a Certificate Authority when verifying certificates provided by
     424proxy back end servers. This file may contain a list of trusted
     425authorities. If not set, verification of TLS back end servers will
     426always fail due to lack of a trusted CA.
     427
     428`GnuTLSProxyCRLFile`
     429--------------------
     430
     431Set to the PEM encoded Certificate Revocation List
     432
     433    GnuTLSProxyCRLFile FILEPATH
     434
     435Default: *none*\
     436Context: server config, virtual host
     437
     438Takes an absolute or relative path to a PEM encoded Certificate
     439Revocation List to use when verifying certificates provided by proxy
     440back end servers. The file may contain a list of CRLs.
     441
     442`GnuTLSProxyCertificateFile`
     443-----------------------
     444
     445Set to the PEM encoded Client Certificate
     446
     447    GnuTLSProxyCertificateFile FILEPATH
     448
     449Default: *none*\
     450Context: server config, virtual host
     451
     452Takes an absolute or relative path to a PEM encoded X.509 certificate
     453to use as this Server's End Entity (EE) client certificate for TLS
     454client authentication in proxy TLS connections. If you need to supply
     455certificates for intermediate Certificate Authorities (iCAs), they
     456should be listed in sequence in the file, from EE to the iCA closest
     457to the root CA. Optionally, you can also include the root CA's
     458certificate as the last certificate in the list.
     459
     460If not set, TLS client authentication will be disabled for TLS proxy
     461connections. If set, `GnuTLSProxyKeyFile` must be set as well to
     462provide the matching private key.
     463
     464`GnuTLSProxyKeyFile`
     465---------------
     466
     467Set to the PEM encoded Private Key
     468
     469    GnuTLSProxyKeyFile FILEPATH
     470
     471Default: *none*\
     472Context: server config, virtual host
     473
     474Takes an absolute or relative path to the Private Key matching the
     475certificate configured using the `GnuTLSProxyCertificateFile`
     476directive. This key cannot currently be password protected.
     477
     478**Security Warning:**\
     479This private key must be protected. It is read while Apache is still
     480running as root, and does not need to be readable by the nobody or
     481apache user.
     482
     483`GnuTLSProxyPriorities`
     484------------------
     485
     486Set the allowed ciphers, key exchange algorithms, MACs and compression
     487methods for proxy connections
     488
     489    GnuTLSProxyPriorities NORMAL:+CIPHER_0:+CIPHER_1:...:+CIPHER_N
     490
     491Default: *none*\
     492Context: server config, virtual host
     493
     494This option is used to set the allowed ciphers, key exchange
     495algorithms, MACs and compression methods for proxy connections. It
     496takes the same parameters as `GnuTLSPriorities`. Required if
     497`SSLProxyEngine` is `On`.
    424498
    425499* * * * *
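Review bot: The `GnuTLSProxyCAFile` text at new lines 422-426 says verification "will always fail" without a trusted CA, but nothing in this hunk states what a failed verification does to the proxy connection, or whether the back end's host name is checked against its certificate. Suggest one sentence under `GnuTLSProxyCAFile` (and a matching one under `GnuTLSProxyCRLFile`) saying whether the connection is refused on failure, so an operator does not assume back-end authentication that is not enforced. Two smaller points: `SSLProxyEngine` is the only directive added here without the `GnuTLS` prefix and is limited to "virtual host" context while the others allow "server config, virtual host", which is worth a line of explanation; and `GnuTLSProxyPriorities` lists "Default: *none*" while being "Required if `SSLProxyEngine` is `On`", so the text should say what happens at startup when it is missing.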