diff options
Diffstat (limited to 'docs/howto-ssl-client-auth-with-apache.md')
-rw-r--r-- | docs/howto-ssl-client-auth-with-apache.md | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/docs/howto-ssl-client-auth-with-apache.md b/docs/howto-ssl-client-auth-with-apache.md new file mode 100644 index 0000000..44999f7 --- /dev/null +++ b/docs/howto-ssl-client-auth-with-apache.md @@ -0,0 +1,26 @@ + ZS - How To Set Up SSL inc. Client Authentication with Apache 2 + +Some integration tests require SSL protection of the service endpoint with SSL Client Authentication. +Here's a quick guide how to set up an Apache 2 service on localhost as a SSL terminating reverse proxy to the zusemsg endpoint that runs on <http://localhost:8081/>. + +1. Install Apache 2. +1. Ensure that mod-proxy is installed and enabled. +1. In `default-ssl.conf` add the following lines to proxy requests from `https://localhost/zusemsg` to `http://localhost:8081`: + + ProxyRequests off + ProxyPass /zusemsg/ http://localhost:8081/ + ProxyPassReverse /zusemsg/ http://localhost:8081/ + <Proxy *> + Order allow,deny + allow from all + </Proxy> + +1. Use certificate and key provided in this repository for the TLS connection and add the following directives to `default-ssl.conf`: + + SSLCertificateFile <path/to/repo/ssl/server>/server.localhost.cert.pem + SSLCertificateKeyFile <path/to/repo/ssl/server>/server.localhost.key.pem + SSLCertificateChainFile <path/to/repo/ssl/server>/ca-chain.cert.pem + +1. Trust the client certificate with the following directive in `default-ssl-conf`: + + SSLCACertificateFile <path/to/repo/ssl>/trusted-cas-bundle.pem |