miohtama · March 21, 2013 21:05
diff --git a/gistfile1.txt b/gistfile1.txt
 # Apache configuration for running local browser against a locally running xxxx for manual smartcard testing
 # Listen 4433

 <VirtualHost 127.0.0.1:4433>

    # Real men use mod_proxy
    DocumentRoot "/nowhere"

    ServerName local-apache
    ServerAdmin [email protected]

    SSLEngine on
    SSLOptions +StdEnvVars +ExportCertData

    # Server-side SSL configuration
    SSLCertificateFile /etc/apache2/certificate-test/server.crt
    SSLCertificateKeyFile /etc/apache2/certificate-test/server.key


    # Normal SSL site traffic does not require verify client
    SSLVerifyClient none
    SSLVerifyDepth 999

    <IfModule mod_proxy.c>
        ProxyVia On

        # prevent the webserver from beeing used as proxy
        <LocationMatch "^[^/]">
            Deny from all
        </LocationMatch>
    </IfModule>

    <Location /@@smartcard-activate-stage-two>
        # For real
        SSLVerifyClient require

        # For testing don't care about certificate integrity that much
        #SSLVerifyClient optional_no_ca

        SSLCACertificateFile /etc/apache2/certificate-test/ca.crt

        # Apache does not natively pass forward headers
        # created by SSLOptions +StdEnvVars,
        # so we pass them forward to Python using RequestHeader
        # from mod_headers
        RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
    </Location>

    <Location /@@smartcard-login>
        # For real
        SSLVerifyClient require

        SSLCACertificateFile /etc/apache2/certificate-test/ca.crt

        # Apache does not natively pass forward headers
        # created by SSLOptions +StdEnvVars,
        # so we pass them forward to Python using RequestHeader
        # from mod_headers
        RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
    </Location>

    # Connect to Plone ZEO client1 running on fg
    ProxyPass             / http://localhost:8080/VirtualHostBase/https/local-apache:4433/xxxx/xxxxngta/VirtualHostRoot/
    ProxyPassReverse      / http://localhost:8080/VirtualHostBase/https/local-apache:4433/xxxx/xxxxngta/VirtualHostRoot/

 </VirtualHost>
	# Apache configuration for running local browser against a locally running xxxx for manual smartcard testing
	# Listen 4433

	<VirtualHost 127.0.0.1:4433>

	# Real men use mod_proxy
	DocumentRoot "/nowhere"

	ServerName local-apache
	ServerAdmin [email protected]

	SSLEngine on
	SSLOptions +StdEnvVars +ExportCertData

	# Server-side SSL configuration
	SSLCertificateFile /etc/apache2/certificate-test/server.crt
	SSLCertificateKeyFile /etc/apache2/certificate-test/server.key


	# Normal SSL site traffic does not require verify client
	SSLVerifyClient none
	SSLVerifyDepth 999

	<IfModule mod_proxy.c>
	ProxyVia On

	# prevent the webserver from beeing used as proxy
	<LocationMatch "^[^/]">
	Deny from all
	</LocationMatch>
	</IfModule>

	<Location /@@smartcard-activate-stage-two>
	# For real
	SSLVerifyClient require

	# For testing don't care about certificate integrity that much
	#SSLVerifyClient optional_no_ca

	SSLCACertificateFile /etc/apache2/certificate-test/ca.crt

	# Apache does not natively pass forward headers
	# created by SSLOptions +StdEnvVars,
	# so we pass them forward to Python using RequestHeader
	# from mod_headers
	RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
	RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
	</Location>

	<Location /@@smartcard-login>
	# For real
	SSLVerifyClient require

	SSLCACertificateFile /etc/apache2/certificate-test/ca.crt

	# Apache does not natively pass forward headers
	# created by SSLOptions +StdEnvVars,
	# so we pass them forward to Python using RequestHeader
	# from mod_headers
	RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
	RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
	</Location>

	# Connect to Plone ZEO client1 running on fg
	ProxyPass / http://localhost:8080/VirtualHostBase/https/local-apache:4433/xxxx/xxxxngta/VirtualHostRoot/
	ProxyPassReverse / http://localhost:8080/VirtualHostBase/https/local-apache:4433/xxxx/xxxxngta/VirtualHostRoot/

	</VirtualHost>