Forum OpenACS Q&A: Re: getting nsopenssl to work with aolserver 4 - config.tcl options?

thanks, okay i've got it working. in case anybody else is interested here is the ssl section of my config file. You need to create the files /var/lib/aolserver/service0/etc/certs/certfile.pem and /var/lib/aolserver/service0/etc/certs/keyfile.pem. Also you need to uncomment the line
ns_param   nsopenssl          ${bindir}/nsopenssl.so
in your config file and then add and nsopenssl section as below.

#---------------------------------------------------------------------
#
# OpenSSL, nsopenssl and aolserver 4
#
#---------------------------------------------------------------------
#
# SSL contexts. Define the ssl contexts for this server.

ns_section "ns/server/${server}/module/nsopenssl/sslcontexts"
ns_param ssl_incoming_requests_context   "SSL context used for regular user access to the website"
ns_param ssl_outgoing_context            "SSL context used for outgoing script socket connections"

ns_section "ns/server/${server}/module/nsopenssl/defaults"
ns_param server               ssl_incoming_requests_context
ns_param client               ssl_outgoing_context

ns_section "ns/server/${server}/module/nsopenssl/sslcontext/ssl_incoming_requests_context"
ns_param Role                  server
ns_param ModuleDir             ${serverroot}/etc/certs
ns_param CertFile              certfile.pem
ns_param KeyFile               keyfile.pem
#ns_param CADir                 ca-client/dir
#ns_param CAFile                ca-client/ca-client.crt
ns_param Protocols             "SSLv3, TLSv1"
ns_param CipherSuite           "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_param PeerVerify            false
ns_param PeerVerifyDepth       3
ns_param Trace                 true

# SSL drivers. Each driver defines a port and a named SSL context to associate with it.

ns_section "ns/server/${server}/module/nsopenssl/ssldrivers"
ns_param ssl_incoming_requests_driver "Driver for regular user access to the website"

ns_section "ns/server/${server}/module/nsopenssl/ssldriver/ssl_incoming_requests_driver"
ns_param sslcontext            ssl_incoming_requests_context
ns_param port                  $httpsport
ns_param hostname              $hostname
ns_param address               $address