## ## ## Outpost SSL configuration ## ## ## ## Copyright (C) 2003 FOSS-On-Line , ## Aleksey Krivoshey ## ## This program is free software; you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by ## the Free Software Foundation; either version 2 of the License, or ## (at your option) any later version. ## ## This program is distributed in the hope that it will be useful, ## but WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ## GNU General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with this program; if not, write to the Free Software ## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ## # # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See documentation for a complete list. # SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL # # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, you will be asked for a password phrase # SSLCertificateFile ${OUTPOST_HOME}/conf/ssl.crt/outpost.crt # # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) # SSLCertificateKeyFile ${OUTPOST_HOME}/conf/ssl.key/outpost.key # Certificate Authority (CA): # Set the CA certificate verification path where to find CA # certificates for client authentication or alternatively one # huge file containing all of them (file must be PEM encoded) # Note: Inside SSLCACertificatePath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. SSLCACertificatePath ${OUTPOST_HOME}/conf/ssl.crt SSLCACertificateFile ${OUTPOST_HOME}/conf/ssl.crt/ca-bundle.crt # Certificate Revocation Lists (CRL): # Set the CA revocation path where to find CA CRLs for client # authentication or alternatively one huge file containing all # of them (file must be PEM encoded) # Note: Inside SSLCARevocationPath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCARevocationPath ${OUTPOST_HOME}/conf/ssl.crl #SSLCARevocationFile ${OUTPOST_HOME}/conf/ssl.crl/ca-bundle.crl # # Client Authentication (Type): # Client certificate verification type and depth. Types are # none, optional and require. Depth is a # number which specifies how deeply to verify the certificate # issuer chain before deciding the certificate is not valid. # SSLVerifyClient require SSLVerifyDepth 10 # EOF