Re: [Sks-devel] details to configure SKS https web interface
From: Daniel Kahn Gillmor
Subject: Re: [Sks-devel] details to configure SKS https web interface
Date: Sat, 07 Mar 2009 19:30:20 -0500
User-agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103)

On 03/07/2009 03:03 PM, Joseph Oreste Bruni wrote:
> On Mar 7, 2009, at 8:11 AM, Gab wrote:
>> I wish to in https ssl the sks web interface .
>> What are the directives for cert.pem and key.pem and to enable ssl ?
>
> I don't believe that the built-in web server supports SSL. However, you
> could front-end SKS with Apache configured as a proxy.
We're currently doing this on zimmermann with nginx providing the
front-layer proxy (still using X.509-certified TLS, unfortunately). The
configuration snippet looks like this:
> server {
>     listen 443;
>     listen 11372;
>     server_name zimmermann.mayfirst.org;
>     ssl on;
>     ssl_certificate /etc/ssl/certs/zimmermann.mayfirst.org-cert.pem;
>     ssl_certificate_key /etc/ssl/private/zimmermann.mayfirst.org-key.pem;
>     access_log off;
>
>     location / {
>         proxy_pass http://localhost:11371/;
>     }
> }
We chose to listen on port 443 so people could browse to it with
https://zimmermann.mayfirst.org/ (the X.509 certificate offered here is
signed by a private certificate authority [0], which i have also
signed, if you care to certify it)
We also are listening on port 11372 because this seems to be the choice
of gnupg maintainers for hkp-over-tls (hkps?), according to this recent
(as yet unreleased) patch to gpg:
http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c?root=GnuPG&rev=4924&r1=4878&r2=4924
hope this is useful, and i'm happy to explain more details if folks are
interested.
--dkg
[0] https://support.mayfirst.org/wiki/mfpl_certificate_authority
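
Added example, not part of the message above and not code from SKS, nginx or GnuPG: a client-side lookup against a TLS front end like the one described, on either port 443 or 11372, trusting only a private CA file. The CA file path, the sample key ID and the use of the standard HKP `/pks/lookup` path are assumptions.

```python
import ssl
import urllib.request
from urllib.parse import urlencode

# Standard HKP lookup path (assumed to be what the proxied SKS serves).
HKP_LOOKUP_PATH = "/pks/lookup"


def lookup_url(host, key_id, port=11372):
    """Build an HKP-over-TLS lookup URL for one of the proxy's TLS ports."""
    if key_id[:2].lower() == "0x":
        key_id = key_id[2:]
    if not key_id or any(c not in "0123456789abcdefABCDEF" for c in key_id):
        raise ValueError("key ID must be hexadecimal")
    if len(key_id) not in (8, 16, 32, 40):
        raise ValueError("key ID must be a short/long ID or a fingerprint")
    query = urlencode({"op": "get", "options": "mr",
                       "search": "0x" + key_id.upper()})
    # Port 443 is the https default, so it is left out of the URL.
    netloc = host if port == 443 else "%s:%d" % (host, port)
    return "https://%s%s?%s" % (netloc, HKP_LOOKUP_PATH, query)


def private_ca_context(ca_file=None):
    """TLS client context that trusts only the given CA file.

    PROTOCOL_TLS_CLIENT turns on certificate and hostname verification.
    No system CAs are loaded, so without ca_file every handshake fails
    closed instead of falling back to the public CA bundle.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if ca_file is not None:
        ctx.load_verify_locations(cafile=ca_file)
    return ctx


def fetch_key(host, key_id, ca_file, port=11372, timeout=10):
    """Fetch an ASCII-armored key through the TLS proxy (needs network)."""
    url = lookup_url(host, key_id, port)
    ctx = private_ca_context(ca_file)
    with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
        return resp.read().decode("ascii", "replace")


if __name__ == "__main__":
    # Constructed sample key ID; no network access happens here.
    print(lookup_url("zimmermann.mayfirst.org", "0xDEADBEEF"))
    print(lookup_url("zimmermann.mayfirst.org", "0xDEADBEEF", port=443))
```
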