# HTTPS virtual host with three access-control layers: a client certificate
# (mutual TLS), OCSP revocation checking of that certificate, and PAM-backed
# HTTP Basic authentication on every path.
Listen 443 https

<VirtualHost *:443>
    ServerName 10.60.0.1
    DocumentRoot /var/www/html

    # No SSLProtocol or SSLCipherSuite is set in this vhost, so protocol versions
    # and ciphers come from the server-wide configuration or built-in defaults.
    # NOTE(review): confirm those defaults exclude legacy protocols and ciphers.
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/apache.crt
    # Server private key. NOTE(review): confirm the file is readable by root only.
    SSLCertificateKeyFile /etc/httpd/ssl/apache.key
    # CA certificate(s) against which client certificates are verified.
    SSLCACertificateFile /etc/httpd/ssl/ca.crt

    # Mutual Authentication (Client Cert)
    # "require" fails the TLS handshake unless the client presents a certificate
    # that verifies against SSLCACertificateFile.
    SSLVerifyClient require
    # Depth 1: the client certificate must be issued by a CA directly known to
    # the server; chains that pass through an intermediate CA are rejected.
    SSLVerifyDepth 1

    # OCSP Validation against CA
    # Revocation status of the client certificate chain is checked via OCSP.
    SSLOCSPEnable on
    # Responder to query. OCSP over plain HTTP is usual because the response
    # itself is signed.
    SSLOCSPDefaultResponder "http://10.60.0.1:8888"
    # Always query the default responder above, so the server never contacts a
    # responder URL taken from the presented certificate.
    SSLOCSPOverrideResponder on
    # Nonce disabled: requests carry no nonce, so a previously issued response
    # can be replayed while its validity period lasts. Freshness then rests on
    # the response timestamps only; SSLOCSPResponseMaxAge and
    # SSLOCSPResponseTimeSkew bound the accepted window.
    # NOTE(review): turn the nonce on if the responder supports it.
    SSLOCSPUseRequestNonce off

    # PAM + TOTP Authentication
    # Applies to the whole site. Basic credentials are sent with every request
    # and are protected in transit only by the TLS layer of this vhost.
    # Nothing in this file ties the certificate subject to the PAM user name:
    # any accepted certificate combined with any valid user passes.
    # NOTE(review): confirm that is intended.
    <Location "/">
        AuthType Basic
        AuthName "Enter UNIX Password + Google Authenticator Code"
        # The PAM provider and AuthPAMService are not core httpd directives;
        # presumably mod_authnz_pam supplies them - confirm the module is loaded.
        AuthBasicProvider PAM
        # Name of the PAM service to authenticate against; its stack is defined
        # outside this file. NOTE(review): Basic auth is re-checked per request,
        # so confirm how the stack handles an expired or already-used code.
        AuthPAMService httpd-totp
        # Any user the PAM service authenticates is allowed; no group or
        # per-user restriction is applied here.
        Require valid-user
    </Location>
</VirtualHost>