--- loncom/loncapa.conf	2003/05/08 22:08:18	1.8
+++ loncom/loncapa.conf	2004/05/26 10:17:49	1.9
@@ -1,7 +1,7 @@
 ##
 ## loncapa.conf -- Apache HTTP LON-CAPA configuration file
 ##
-## $Id: loncapa.conf,v 1.8 2003/05/08 22:08:18 albertel Exp $
+## $Id: loncapa.conf,v 1.9 2004/05/26 10:17:49 foxr Exp $
 ##
 
 # ======================================= Machine Specific / Perl Configuration
@@ -39,3 +39,68 @@ PerlSetVar       lonExpire    {[[[[lonEx
 # Key to issue receipts
  
 PerlSetVar	 lonReceipt   {[[[[lonReceipt]]]]}
+
+#
+#   The variables below control the behavior of secure lond:
+#
+#
+
+#  londAllowInsecure allows lond to fall back to insecure connections
+#  in the event its peer is not yet updated to secure lonc.
+#  If you are certain all the systems you are communicating with
+#  are using secure lonc, uncomment the first definition and
+#  comment the second.
+
+# PerlSetVar londAllowInsecure {[[[[0]]]]}
+PerlSetVar londAllowInsecure {[[[[1]]]]}
+
+# loncAllowInsecure allows lonc to fall back to negotiating an insecure
+# connection with lond in the event the peer is not yet a secure lond.
+# If you are certain that all systems you are communicating with 
+# are using secure lond, uncomment the next line and comment the
+# second:
+
+# PerlSetVar loncAllowInsecure {[[[[0]]]]}
+PerlSetVar   loncAllowInsecure {[[[[1]]]]}
+
+#
+#   Secure lond/lonc require ssl certificate and private
+#   key files to function correctly.  The certificate
+#   files need not be terribly secure, but the private key files
+#   should be set up so that only www (the lonc/lond effective user)
+#   can read them.
+# 
+#   The definition below is the full path to the directory that
+#   contains the certificate and key files:
+#
+PerlSetVar lonCertificateDirectory {[[[[/home/httpd/lonCerts]]]]}
+
+#
+#  Secure lond/lonc require two certificates and a private host key.
+#  The certificates required are that of the lonCAPA certificate authority
+#  and the certificate that authority issued to this host.
+#  lonnetCertificateAuthority is the name of the file that contains the
+#                            lonCAPA certificate authority's certificate.
+#  lonnetCertificate is the name of the file that contains the certificate
+#                    issued to the host by the certificate authority.
+#  Both of these variables are names of files assumed to be in 
+#  lonCertificateDirectory:
+
+PerlSetVar lonnetCertificateAuthority {[[[[loncapaCA.pem]]]]}
+PerlSetVar lonnetCertificate          {[[[[lonhostcert.pem]]]]}
+
+#
+#  To generate the request for a certificate, and to negotiate the
+#  initial ssl connection, the host requires a private key.  This key
+#  is created at lonCAPA install time.  Did we mention above that it
+#  should be set so that only www can read it?  The variale below
+#  is the name of the file relative to lonnetCertificateDirectory
+#  that has the host's private key.  Did we remember to tell you to
+#  keep the permissions on that file set to rw-------  (0600)?
+#  
+
+PerlSetVar lonnetPrivateKey         {[[[[lonKey.pem]]]]}
+
+# Did we mention that the file described above must have
+# permissions really locked down so that it can't be stolen?
+
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator at 
 root@localhost to inform them of the time this error occurred,
 and the actions you performed just before this error.</p>
<p>More information about this error may be available
in the server error log.</p>
</body></html>
