2018-03-14 17:08:59 -05:00
|
|
|
# VERSION 13 - DO NOT REMOVE THIS LINE
|
2011-09-09 16:07:09 -05:00
|
|
|
|
2011-08-17 14:36:18 -05:00
|
|
|
ProxyRequests Off
|
|
|
|
|
|
|
|
# matches for ee port
|
2014-03-20 03:34:53 -05:00
|
|
|
<LocationMatch "^/ca/ee/ca/checkRequest|^/ca/ee/ca/getCertChain|^/ca/ee/ca/getTokenInfo|^/ca/ee/ca/tokenAuthenticate|^/ca/ocsp|^/ca/ee/ca/updateNumberRange|^/ca/ee/ca/getCRL|^/ca/ee/ca/profileSubmit">
|
2018-01-08 12:56:24 -06:00
|
|
|
SSLOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
|
|
|
|
SSLVerifyClient none
|
2012-08-23 11:38:45 -05:00
|
|
|
ProxyPassMatch ajp://localhost:$DOGTAG_PORT
|
|
|
|
ProxyPassReverse ajp://localhost:$DOGTAG_PORT
|
2011-08-17 14:36:18 -05:00
|
|
|
</LocationMatch>
|
|
|
|
|
2012-08-15 21:53:51 -05:00
|
|
|
# matches for admin port and installer
|
2015-06-08 00:30:47 -05:00
|
|
|
<LocationMatch "^/ca/admin/ca/getCertChain|^/ca/admin/ca/getConfigEntries|^/ca/admin/ca/getCookie|^/ca/admin/ca/getStatus|^/ca/admin/ca/securityDomainLogin|^/ca/admin/ca/getDomainXML|^/ca/admin/ca/updateNumberRange|^/ca/admin/ca/tokenAuthenticate|^/ca/admin/ca/updateNumberRange|^/ca/admin/ca/updateDomainXML|^/ca/admin/ca/updateConnector|^/ca/admin/ca/getSubsystemCert|^/kra/admin/kra/updateNumberRange|^/kra/admin/kra/getConfigEntries">
|
2018-01-08 12:56:24 -06:00
|
|
|
SSLOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
|
|
|
|
SSLVerifyClient none
|
2012-08-23 11:38:45 -05:00
|
|
|
ProxyPassMatch ajp://localhost:$DOGTAG_PORT
|
|
|
|
ProxyPassReverse ajp://localhost:$DOGTAG_PORT
|
2011-08-17 14:36:18 -05:00
|
|
|
</LocationMatch>
|
|
|
|
|
|
|
|
# matches for agent port and eeca port
|
2015-06-08 00:30:47 -05:00
|
|
|
<LocationMatch "^/ca/agent/ca/displayBySerial|^/ca/agent/ca/doRevoke|^/ca/agent/ca/doUnrevoke|^/ca/agent/ca/updateDomainXML|^/ca/eeca/ca/profileSubmitSSLClient|^/kra/agent/kra/connector">
|
2018-01-08 12:56:24 -06:00
|
|
|
SSLOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
|
|
|
|
SSLVerifyClient require
|
2012-08-23 11:38:45 -05:00
|
|
|
ProxyPassMatch ajp://localhost:$DOGTAG_PORT
|
|
|
|
ProxyPassReverse ajp://localhost:$DOGTAG_PORT
|
2011-08-17 14:36:18 -05:00
|
|
|
</LocationMatch>
|
2012-10-09 09:40:20 -05:00
|
|
|
|
2015-06-08 00:30:47 -05:00
|
|
|
# matches for CA REST API
|
2017-06-14 16:19:41 -05:00
|
|
|
<LocationMatch "^/ca/rest/account/login|^/ca/rest/account/logout|^/ca/rest/installer/installToken|^/ca/rest/securityDomain/domainInfo|^/ca/rest/securityDomain/installToken|^/ca/rest/profiles|^/ca/rest/authorities|^/ca/rest/certrequests|^/ca/rest/admin/kraconnector/remove|^/ca/rest/certs/search">
|
2018-01-08 12:56:24 -06:00
|
|
|
SSLOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
|
|
|
|
SSLVerifyClient optional
|
2015-06-05 04:02:58 -05:00
|
|
|
ProxyPassMatch ajp://localhost:$DOGTAG_PORT
|
|
|
|
ProxyPassReverse ajp://localhost:$DOGTAG_PORT
|
|
|
|
</LocationMatch>
|
|
|
|
|
2015-06-08 00:30:47 -05:00
|
|
|
# matches for KRA REST API
|
|
|
|
<LocationMatch "^/kra/rest/config/cert/transport|^/kra/rest/account|^/kra/rest/agent/keyrequests|^/kra/rest/agent/keys">
|
2018-01-08 12:56:24 -06:00
|
|
|
SSLOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
|
|
|
|
SSLVerifyClient optional
|
2015-04-29 05:07:58 -05:00
|
|
|
ProxyPassMatch ajp://localhost:$DOGTAG_PORT
|
|
|
|
ProxyPassReverse ajp://localhost:$DOGTAG_PORT
|
|
|
|
</LocationMatch>
|
|
|
|
|
2012-10-09 09:40:20 -05:00
|
|
|
# Only enable this on servers that are not generating a CRL
|
2018-03-14 17:08:59 -05:00
|
|
|
${CLONE}RewriteRule ^/ipa/crl/MasterCRL.bin http://$FQDN/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL [L,R=301,NC]
|