--- loncom/loncapa.conf 2003/05/08 22:08:18 1.8
+++ loncom/loncapa.conf 2004/05/26 10:17:49 1.9
@@ -1,7 +1,7 @@
 ##
 ## loncapa.conf -- Apache HTTP LON-CAPA configuration file
 ##
-## $Id: loncapa.conf,v 1.8 2003/05/08 22:08:18 albertel Exp $
+## $Id: loncapa.conf,v 1.9 2004/05/26 10:17:49 foxr Exp $
 ##
 # ======================================= Machine Specific / Perl Configuration
@@ -39,3 +39,68 @@ PerlSetVar lonExpire {[[[[lonEx
 # Key to issue receipts
 PerlSetVar lonReceipt {[[[[lonReceipt]]]]}
+
+#
+# The variables below control the behavior of secure lond:
+#
+#
+
+# londAllowInsecure allows lond to fall back to insecure connections
+# in the event its peer is not yet updated to secure lonc.
+# If you are certain all the systems you are communicating with
+# are using secure lonc, uncomment the first definition and
+# comment the second.
+
+# PerlSetVar londAllowInsecure {[[[[0]]]]}
+PerlSetVar londAllowInsecure {[[[[1]]]]}
+
+# loncAllowInsecure allows lonc to fall back to negotiating an insecure
+# connection with lond in the event the peer is not yet a secure lond.
+# If you are certain that all systems you are communicating with
+# are using secure lond, uncomment the next line and comment the
+# second:
+
+# PerlSetVar loncAllowInsecure {[[[[0]]]]}
+PerlSetVar loncAllowInsecure {[[[[1]]]]}
+
+#
+# Secure lond/lonc require ssl certificate and private
+# key files to function correctly. The certificate
+# files need not be terribly secure, but the private key files
+# should be set up so that only www (the lonc/lond effective user)
+# can read them.
+#
+# The definition below is the full path to the directory that
+# contains the certificate and key files:
+#
+PerlSetVar lonCertificateDirectory {[[[[/home/httpd/lonCerts]]]]}
+
+#
+# Secure lond/lonc require two certificates and a private host key.
+# The certificates required are that of the lonCAPA certificate authority
+# and the certificate that authority issued to this host.
+# lonnetCertificateAuthority is the name of the file that contains the
+# lonCAPA certificate authority's certificate.
+# lonnetCertificate is the name of the file that contains the certificate
+# issued to the host by the certificate authority.
+# Both of these variables are names of files assumed to be in
+# lonCertificateDirectory:
+
+PerlSetVar lonnetCertificateAuthority {[[[[loncapaCA.pem]]]]}
+PerlSetVar lonnetCertificate {[[[[lonhostcert.pem]]]]}
+
+#
+# To generate the request for a certificate, and to negotiate the
+# initial ssl connection, the host requires a private key. This key
+# is created at lonCAPA install time. Did we mention above that it
+# should be set so that only www can read it? The variale below
+# is the name of the file relative to lonnetCertificateDirectory
+# that has the host's private key. Did we remember to tell you to
+# keep the permissions on that file set to rw------- (0600)?
+#
+
+PerlSetVar lonnetPrivateKey {[[[[lonKey.pem]]]]}
+
+# Did we mention that the file described above must have
+# permissions really locked down so that it can't be stolen?
+
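Review bot: Both fallback switches ship enabled (`PerlSetVar londAllowInsecure {[[[[1]]]]}` and the matching `loncAllowInsecure` line), so by the comments' own description a connection still proceeds unprotected whenever the peer does not negotiate the secure protocol, and the comments never state that this is a transitional default. A line such as `# While this is 1 the secure channel is only opportunistic; set it to 0 as soon as every peer runs secure lonc/lond.` above each active definition would make the consequence explicit. Whether a failed handshake with an already upgraded peer also triggers the fallback cannot be seen from this file and is worth confirming in lond and lonc. Separately, the private-key comment says the file is relative to `lonnetCertificateDirectory`, but the variable defined above is `lonCertificateDirectory`, and "variale" is a typo for "variable". The 0600 advice for `lonKey.pem` would be more complete if it also said the certificate directory must not be writable by other users.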