infradig


SSL/TLS directive         Meaning
(can occur in any file)

CAFILE filename           Filename of the CA's public key for SSL use
CAPATH filename           Pathname to the CAFILE and client certificates
CRLPATH filename          Pathname to certificate revocation list (CRL)
KEYFILE filename          Filename of public key for SSL use
CERTFILE filename         Filename of digital certificate for SSL use
LEVEL 0                   Set the SSL/TLS security level required to gain access

CAFILE filename

The file-spec of an RSA key file in PEM format. This is the CA's certificate.

CAPATH pathname

The path to where the CA file can be found, and where client certificates are stored.

CRLPATH pathname

The path to where the certificate revocation list (CRL) is stored.

KEYFILE filename

The file-spec of an RSA key file in PEM format. A test key called 'testkey.pem' is provided with the SSL release and can be used temporarily; because it is distributed publicly with every copy of the release it offers no real protection and should be replaced with your own key before the server is exposed. The key file is used to generate certificate signing requests (CSRs) that must be signed by a Certifying Authority (CA) such as Verisign. See the separate document 'ssl.txt' for details on how to create keys and certificate requests and (possibly) sign certificates yourself.

Note: if you operate a closed system (i.e. you control the accounts, as on a corporate intranet or at an ISP), self-signed certificates are fine; you don't need to pay companies such as Verisign large amounts of money annually for what is essentially a trivial task.

CERTFILE filename

The file-spec of a digital-certificate file in PEM format. A matching test certificate called 'testcert.pem' is provided with the SSL release and can be used temporarily. It is a self-signed certificate made from a publicly available key file with no pass-phrase, and thus has precisely zero trust level.

LEVEL [0|1|2]

A level of '0' means that a client certificate is optional and the connection is used for encryption only, not for authentication. A level of '1' means that a client certificate is required to gain secure access, but the normal login is still required afterwards for authentication. A level of '2' means that a client certificate is required both to gain access and to provide authentication; no login is required afterwards.
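The directive table above and the LEVEL semantics just described fit together in a way that is easy to get wrong: a LEVEL of 1 or 2 only authenticates anyone if the server also has the CA certificate (CAFILE) to verify client certificates against and a CRL (CRLPATH) to reject revoked ones, and none of the levels mean anything while the shipped testkey.pem/testcert.pem are still in use. The following linter is an added example, not part of this documentation or the server's own code. The directive names and LEVEL meanings are taken from the page; the `DIRECTIVE value` line syntax, the sample paths and the two sample configurations are assumptions constructed for the example.

```python
"""Linter for the SSL/TLS directives documented above (added example, not the
server's own code; the config syntax, sample paths and finding texts are
assumptions, the directive names and LEVEL meanings come from the page)."""
import os
from dataclasses import dataclass, field

# Directives that take a file or directory path (from the directive table).
PATH_DIRECTIVES = ("CAFILE", "CAPATH", "CRLPATH", "KEYFILE", "CERTFILE")

# LEVEL values and their meaning as described on the page.
LEVEL_MEANING = {
    0: "client certificate optional; TLS gives encryption only, no authentication",
    1: "client certificate required for access; normal login still authenticates",
    2: "client certificate required and is the authentication; no login afterwards",
}

# Test material shipped with the release: the key is public, so a certificate
# made from it authenticates nothing ("precisely zero trust level").
TEST_MATERIAL = {"testkey.pem", "testcert.pem"}


@dataclass
class SslConfig:
    directives: dict = field(default_factory=dict)
    findings: list = field(default_factory=list)


def parse_ssl_directives(text):
    """Parse 'DIRECTIVE value' lines. Assumed syntax: one directive per line,
    '#' starts a comment, names are case-insensitive; other directives ignored."""
    cfg = SslConfig()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        name = parts[0].upper()
        value = parts[1].strip() if len(parts) > 1 else ""
        if name in PATH_DIRECTIVES:
            cfg.directives[name] = value
        elif name == "LEVEL":
            if value.isdigit() and int(value) in LEVEL_MEANING:
                cfg.directives["LEVEL"] = int(value)
            else:
                cfg.findings.append(f"line {lineno}: LEVEL must be 0, 1 or 2, got {value!r}")
    return cfg


def lint_ssl_config(text):
    """Parse the directives and record the checks a reviewer would make."""
    cfg = parse_ssl_directives(text)
    d = cfg.directives
    for name in ("KEYFILE", "CERTFILE"):
        path = d.get(name)
        if not path:
            cfg.findings.append(f"{name} is not set; TLS cannot be offered without it")
        elif os.path.basename(path) in TEST_MATERIAL:
            cfg.findings.append(f"{name} points at shipped test material "
                                f"({os.path.basename(path)}); the key is public")
    level = d.get("LEVEL")
    if level is None:
        cfg.findings.append("LEVEL is not set; this linter assumes 0 (encryption only)")
        level = 0
    if level == 0:
        cfg.findings.append("LEVEL 0: " + LEVEL_MEANING[0])
    else:
        # Client certificates can only be verified against the CA that issued
        # them, and only rejected after revocation if a CRL is available.
        if not d.get("CAFILE"):
            cfg.findings.append(f"LEVEL {level} requires client certificates but CAFILE is not set")
        if not d.get("CRLPATH"):
            cfg.findings.append(f"LEVEL {level} without CRLPATH: no CRL to reject revoked certificates")
    return cfg


# Constructed sample: the shipped test material with encryption-only access.
WEAK_CONFIG = """\
KEYFILE  /usr/local/server/testkey.pem
CERTFILE /usr/local/server/testcert.pem
LEVEL 0
"""

# Constructed sample: the server's own key and certificate, client certificates
# required, and the CA certificate and CRL configured so they can be checked.
HARDENED_CONFIG = """\
CAFILE   /etc/server/ssl/ca.pem
CAPATH   /etc/server/ssl/clients
CRLPATH  /etc/server/ssl/crl
KEYFILE  /etc/server/ssl/server-key.pem
CERTFILE /etc/server/ssl/server-cert.pem
LEVEL 1
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = lint_ssl_config(text).findings
        print(f"{label}: {len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```

Run against the weak sample it reports the two test files and the encryption-only level; against the hardened sample it reports nothing. The check is deliberately static (it reads the directives, not the files), so it can run before the key and certificate material is in place.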