Hi, On Tue, Oct 15, 2002 at 06:16:07PM +0200, Maik Mueller wrote: > This brings up some questions to me: > > Why aren't there two options like SSLProxyMachineCertificateFile, > SSLProxyMachineKeyFile for separated certificate and key files? > > Is there a way to provide several certificate/key pairs?
Yes, you can either put several key pairs in the file referenced by SSLProxyMachineCertificateFile, or you can use a directory of files (each containing a key pair) with SSLProxyMachineCertificatePath; all files in the specified directory are loaded. If you have configured the origin server to send a list of CA names in the client certificate request, mod_ssl will then try to pick an appropriate client cert which was issued by one of the CA names it receives. (there are some useful debugging messages at "SSLLogLevel debug") > The Apache documentation (www.apache.org) describes SSLProxy* as part of > mod_ssl. Why isn't there any information about SSLProxy* on www.modssl.org? > (Probably Ralf Engelschall can explain this.) > > Is this Apache 2.0 feature available in Apache 1.3 too? Yep, these directives work in mod_ssl/2.8 for Apache 1.3, though were never documented. > I think the current documentation of SSLProxyMachineCertificateFile is at > least misleading. Yes, it's been cut'n'pasted badly; you could report a documentation bug on that at http://nagoya.apache.org/bugzilla/ Regards, joe -- Joe Orton, Red Hat Europe, Stronghold Engineering ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
