--- loncom/loncapa_apache.conf 2004/04/23 23:01:34 1.78 +++ loncom/loncapa_apache.conf 2004/05/27 09:28:38 1.79 @@ -1,7 +1,7 @@ ## ## loncapa_apache.conf -- Apache HTTP LON-CAPA configuration file ## -## $Id: loncapa_apache.conf,v 1.78 2004/04/23 23:01:34 albertel Exp $ +## $Id: loncapa_apache.conf,v 1.79 2004/05/27 09:28:38 foxr Exp $ ## # @@ -907,6 +907,51 @@ PerlSetVar lonSqlAccess localhos PerlSetVar lonhttpdPort 8080 +# Parameters used by secure lond/lonc + +# +# Secure lond/lonc require ssl certificate and private +# key files to function correctly. The certificate +# files need not be terribly secure, but the private key files +# should be set up so that only www (the lonc/lond effective user) +# can read them. +# +# The definition below is the full path to the directory that +# contains the certificate and key files: +# +PerlSetVar lonCertificateDirectory /home/httpd/lonCerts + +# +# Secure lond/lonc require two certificates and a private host key. +# The certificates required are that of the lonCAPA certificate authority +# and the certificate that authority issued to this host. +# lonnetCertificateAuthority is the name of the file that contains the +# lonCAPA certificate authority's certificate. +# lonnetCertificate is the name of the file that contains the certificate +# issued to the host by the certificate authority. +# Both of these variables are names of files assumed to be in +# lonCertificateDirectory: + +PerlSetVar lonnetCertificateAuthority loncapaCA.pem +PerlSetVar lonnetCertificate lonhostcert.pem + +# +# To generate the request for a certificate, and to negotiate the +# initial ssl connection, the host requires a private key. This key +# is created at lonCAPA install time. Did we mention above that it +# should be set so that only www can read it? The variale below +# is the name of the file relative to lonnetCertificateDirectory +# that has the host's private key. Did we remember to tell you to +# keep the permissions on that file set to rw------- (0600)? +# + +PerlSetVar lonnetPrivateKey lonKey.pem + +# Did we mention that the file described above must have +# permissions really locked down so that it can't be stolen? + + + # ====================================== Include machine-specific configuration