aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--hs20/server/hs20-osu-server.txt5
1 files changed, 5 insertions, 0 deletions
diff --git a/hs20/server/hs20-osu-server.txt b/hs20/server/hs20-osu-server.txt
index 70f1313..22478ad 100644
--- a/hs20/server/hs20-osu-server.txt
+++ b/hs20/server/hs20-osu-server.txt
@@ -228,12 +228,17 @@ Add following block just before "SSL Engine Switch" line":
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Require all granted
+ SSLOptions +StdEnvVars
</Directory>
Update SSL configuration to use the OSU server certificate/key.
They keys and certs are called 'server.key' and 'server.pem' from
ca/setup.sh.
+To support subscription remediation using client certificates, set
+"SSLVerifyClient optional" and configure the trust root CA(s) for the
+client certificates with SSLCACertificateFile.
+
Enable default-ssl site and restart Apache2:
sudo a2ensite default-ssl
sudo a2enmod ssl