SquaresDB: At least verify the CA is valid

[sysconfig/apache2.git] / sites-available / mit-proxy.conf

diff --git a/sites-available/mit-proxy.conf b/sites-available/mit-proxy.conf
index b6cd08173cc61dd9262be7e0747cc236ca201848..b3d06f6e24c184f617e01894426f40001cddd1cb 100644 (file)
--- a/sites-available/mit-proxy.conf
+++ b/sites-available/mit-proxy.conf
@@ -14,6 +14,9 @@
 <VirtualHost *:443>
     ServerName squaresdb.dehnerts.com
     SSLProxyEngine on
+    SSLProxyVerify require
+    SSLProxyVerifyDepth 2
+    SSLProxyCACertificatePath /etc/ssl/certs
     # Really I want to validate that the name matches squaresdb.dehnerts.com,
     # but apparently that's not a thing, AFAICT.
     SSLProxyCheckPeerName off