| Summary: | SSLProxyMachineCertificateFile documentation is wrong | ||
|---|---|---|---|
| Product: | Apache httpd-2 | Reporter: | kris.verbeeck |
| Component: | Documentation | Assignee: | HTTP Server Documentation List <docs> |
| Status: | CLOSED FIXED | ||
| Severity: | normal | CC: | dave.bevan |
| Priority: | P3 | ||
| Version: | 2.0.47 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | All | ||
Docs updated in cvs |
AFAICT, the documentation of the SSLProxyMachineCertificateFile is incorrect. The docs state: This directive sets the all-in-one file where you keep the certificates of Certification Authorities (CAs) whose proxy client certificates are used for authentication of the proxy server to remote servers. This referenced file is simply the concatenation of the various PEM-encoded certificate files, in order of preference. Use this directive alternatively or additionally to SSLProxyMachineCertificatePath. Example: SSLProxyMachineCertificatePath /usr/local/apache/conf/ssl.crt/ IMHO you should not put a bunch of CA certs in this file. The file should contain the SSL client certificate and its corresponding private key (by concatenating them in PEM-encoded format). As confirmed by Joe Orton, it is possible to insert multiple client certificates by concatenating then one after the other in the file. (see also the following thread http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=106629032008685&w=2)