ZS - How To Set Up SSL inc. Client Authentication with Apache 2
Some integration tests require SSL protection of the service endpoint with SSL Client Authentication. Here's a quick guide how to set up an Apache 2 service on localhost as a SSL terminating reverse proxy to the zusemsg endpoint that runs on http://localhost:8081/.
- Install Apache 2.
- Ensure that mod-proxy is installed and enabled.
In
default-ssl.conf
add the following lines to proxy requests fromhttps://localhost/zusemsg
tohttp://localhost:8081
:ProxyRequests off ProxyPass /zusemsg/ http://localhost:8081/ ProxyPassReverse /zusemsg/ http://localhost:8081/ <Proxy *> Order allow,deny allow from all </Proxy>
Use certificate and key provided in this repository for the TLS connection and add the following directives to
default-ssl.conf
:SSLCertificateFile <path/to/repo/ssl/server>/server.localhost.cert.pem SSLCertificateKeyFile <path/to/repo/ssl/server>/server.localhost.key.pem SSLCertificateChainFile <path/to/repo/ssl/server>/ca-chain.cert.pem
Trust the client certificate with the following directive in
default-ssl-conf
:SSLCACertificateFile <path/to/repo/ssl>/trusted-cas-bundle.pem