Permalink
Browse files

Improves the SSL cookbook. It was not clear enough how to enable SSL.

Thanks a million to Dale (dale.liszka@gmail.com) for the patch.

git-svn-id: svn://cherokee-project.com/cherokee/trunk@6803 5dc97367-97f1-0310-9951-d761b3857238
  • Loading branch information...
1 parent cdc2f7d commit 693d372a973260560e6243247659af5cdcb421ea @alobbs alobbs committed Aug 12, 2011
Showing with 29 additions and 0 deletions.
  1. +1 −0 doc/Makefile.am
  2. +28 −0 doc/cookbook_ssl.txt
  3. BIN doc/media/images/admin_vserver_security_ssl.png
View
@@ -185,6 +185,7 @@ media/images/admin_vserver_errors.png \
media/images/admin_vserver_loggers.png \
media/images/admin_vserver.png \
media/images/admin_vserver_security.png \
+media/images/admin_vserver_security_ssl.png \
media/images/admin_vserver_evhost.png \
media/images/admin_handler_proxy.png \
media/images/cookbook_django_common.png \
View
@@ -6,6 +6,34 @@ Cookbook: SSL, TLS and certificates
This section answers some general questions and details the procedure
to generate SSL keys.
+[[configure-vserver-ssl-certificates]]
+Configure vServer SSL Certificates
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To start serving HTTPS traffic from Cherokee you will have to
+link:#ssl-support[enable SSL support] and obtain a
+link:#free-certificates[signed certificate] (or
+link:#self_sign[signed your own]). Ensure that the certificate files
+have the appropriate permissions for your OS and that you know the locations
+of the following:
+
+ . Signed Certificate file
+ . Private Key file used to generate CSR for the above
+ . CA List or Chain file (Optional, depending on signing authority of your certificate)
+
+All files should be generated using PEM-encoding.
+
+.Configuration
+
+Certificates are configured at the vServer level in the *Security* tab. *This
+means you must have a vServer setup that corresponds to your Certificate's
+security scope*. Enter the full paths for your Certificate and corresponding Private
+Key file. To add a certificate chain file to you CA List set *Client Certs. Request*
+to _Accept_ then put the full path to your chain file in the _CA List_ box.
+
+image::media/images/admin_vserver_security_ssl.png[Virtual Server - Security]
+
+
[[general]]
General questions
~~~~~~~~~~~~~~~~~
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.

0 comments on commit 693d372

Please sign in to comment.