Bug 24029 - SSLProxyMachineCertificateFile documentation is wrong
Summary: SSLProxyMachineCertificateFile documentation is wrong
Status: CLOSED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Documentation (show other bugs)
Version: 2.0.47
Hardware: All All
: P3 normal (vote)
Target Milestone: ---
Assignee: HTTP Server Documentation List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-10-23 06:24 UTC by kris.verbeeck
Modified: 2004-11-16 19:05 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description kris.verbeeck 2003-10-23 06:24:29 UTC
AFAICT, the documentation of the SSLProxyMachineCertificateFile is
incorrect.  The docs state:

    This directive sets the all-in-one file where you keep the
    certificates of Certification Authorities (CAs) whose proxy
    client certificates are used for authentication of the proxy
    server to remote servers.

    This referenced file is simply the concatenation of the
    various PEM-encoded certificate files, in order of preference.
    Use this directive alternatively or additionally to
    SSLProxyMachineCertificatePath.

    Example:

      SSLProxyMachineCertificatePath /usr/local/apache/conf/ssl.crt/

IMHO you should not put a bunch of CA certs in this file.  The file
should contain the SSL client certificate and its corresponding private
key (by concatenating them in PEM-encoded format).

As confirmed by Joe Orton, it is possible to insert multiple client
certificates by concatenating then one after the other in the file.

(see also the following thread
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=106629032008685&w=2)
Comment 1 Mads Toftum 2004-01-05 22:13:16 UTC
Docs updated in cvs