On Thu, September 16, 2010 15:32, Liegler, Jörg wrote: > On servers A und B, there is no client key authentication, so just simple > https. > > My questions: > > - What do I have to put in ???.pem for the SSLProxyMachineCertificateFile. > If - how do I have to use openssl to generate client keys? You don't need this, since you don't use client certificates on the backend server. > - Does I have to put the A_C and B_C from servers A und B somewhere in > order to pass SSLProxyVerify require? Do I have to insert that T_CA > certificate additionally, or the whole chain? If you don't use SSLProxyVerify, no verification is done. Use this only if you're paranoid, or if you're connecting to servers outside your own domain. If you do want to use SSLProxyVerify require, you need to add the signer certificates to a file, and point to this file with SSLProxyCACertificateFile (or SSLProxyCACertificatePath). Joost --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|