I put this in my virtual host config file:
<VirtualHost my.ip.address:443>
# SERVER SIDE SSL SETTINGS
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLHonorCipherOrder on
SSLCompression off
ServerSignature Off
AcceptPathInfo Off
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/pdf
AddDefaultCharset UTF-8
SSLOptions +StrictRequire
SSLCertificateKeyFile /etc/letsencrypt/live/my.domain.com/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/my.domain.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/my.domain.com/chain.pem
# CLIENT SIDE CERTIFICATION SETTINGS
SSLVerifyClient optional
SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData
SSLCACertificateFile /home/USER/path/to/Custom_CA-cacert.pem
# VHOST SETTINGS
ServerName my.domain.com
DocumentRoot /var/www/ttrss/
<Directory /var/www/ttrss/>
Options +FollowSymLinks
AllowOverride All
order allow,deny
allow from all
</Directory>
ErrorLog /var/log/apache2/error-ttrss.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel debug
</VirtualHost>
This resulted in the ability to register my client certificate with TTRss. When I log out and restart Chrome I am prompted to associate my certificate with the VHOST, but then TTRss still asks me for a password. There is nothing in the error-ttrss.log (that I can identify) that gives me any clue.
How should I move forward from here?