ZS - How To Set Up SSL inc. Client Authentication with Apache 2
Some integration tests require SSL protection of the service endpoint with SSL Client Authentication. Here's a quick guide how to set up an Apache 2 service on localhost as a SSL terminating reverse proxy to the zusemsg endpoint that runs on http://localhost:8081/.
- Install Apache 2.
- Ensure that mod-proxy is installed and enabled.
In
default-ssl.confadd the following lines to proxy requests fromhttps://localhost/zusemsgtohttp://localhost:8081:ProxyRequests off ProxyPass /zusemsg/ http://localhost:8081/ ProxyPassReverse /zusemsg/ http://localhost:8081/ <Proxy *> Order allow,deny allow from all </Proxy>Use certificate and key provided in this repository for the TLS connection and add the following directives to
default-ssl.conf:SSLCertificateFile <path/to/repo/ssl/server>/server.localhost.cert.pem SSLCertificateKeyFile <path/to/repo/ssl/server>/server.localhost.key.pem SSLCertificateChainFile <path/to/repo/ssl/server>/ca-chain.cert.pemTrust the client certificate with the following directive in
default-ssl-conf:SSLCACertificateFile <path/to/repo/ssl>/trusted-cas-bundle.pem