httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 24029] New: - SSLProxyMachineCertificateFile documentation is wrong
Date Thu, 23 Oct 2003 06:24:30 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24029>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24029

SSLProxyMachineCertificateFile documentation is wrong

           Summary: SSLProxyMachineCertificateFile documentation is wrong
           Product: Apache httpd-2.0
           Version: 2.0.47
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Documentation
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: kris.verbeeck@advalvas.be


AFAICT, the documentation of the SSLProxyMachineCertificateFile is
incorrect.  The docs state:

    This directive sets the all-in-one file where you keep the
    certificates of Certification Authorities (CAs) whose proxy
    client certificates are used for authentication of the proxy
    server to remote servers.

    This referenced file is simply the concatenation of the
    various PEM-encoded certificate files, in order of preference.
    Use this directive alternatively or additionally to
    SSLProxyMachineCertificatePath.

    Example:

      SSLProxyMachineCertificatePath /usr/local/apache/conf/ssl.crt/

IMHO you should not put a bunch of CA certs in this file.  The file
should contain the SSL client certificate and its corresponding private
key (by concatenating them in PEM-encoded format).

As confirmed by Joe Orton, it is possible to insert multiple client
certificates by concatenating then one after the other in the file.

(see also the following thread
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=106629032008685&w=2)

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message