
# Map the URL prefix /phpki onto the PHPki document root on disk.
Alias           /phpki        /opt/phpki/html/

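# Main access allowed for valid user
# As written in this fragment, the host rules below admit only 127.0.0.1;
# any wider access has to come from configuration outside this fragment.
<Directory /opt/phpki/html>
        AddType application/x-httpd-php .php
        Options FollowSymLinks
        php_flag register_globals off
        # NOTE(review): register_long_arrays was deprecated in PHP 5.3 and
        # removed in PHP 5.4; confirm the application still needs it on the
        # PHP version deployed here.
        php_flag register_long_arrays on
        php_admin_value session.save_path /var/lib/php/pki-session
        # Confine PHP file access to the application tree and its session
        # directory. The PHP setting is named open_basedir; the previous
        # spelling "openbase_dir" is not a PHP setting, so the intended
        # restriction was presumably never in effect.
        # TODO confirm: any upload or temp directory the application uses
        # must sit inside one of the two listed paths once this is enforced.
        php_admin_value open_basedir /opt/phpki:/var/lib/php/pki-session
        # MIME types for certificate and CRL downloads.
        AddType application/x-x509-ca-cert .crt  .pem
        AddType application/pkix-crl    .crl
        AddType application/pkix-cert   .cer .der
        # .htaccess files under this tree are ignored.
        AllowOverride None
        # Default deny, then allow the loopback address only.
        order deny,allow
        deny from all
        allow from 127.0.0.1
</Directory>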

# /ca is only allowed for admin and explicitly authorized users
# This section mixes httpd directives with embedded Perl that is presumably
# expanded by the template processor when the configuration is generated.
<Location /phpki/ca>
	AuthName "PHPKI Admin"
        # NOTE(review): the TKTAuth directives below indicate ticket (cookie)
        # based login rather than browser Basic prompts; confirm that the
        # login URL and this location are only reachable over TLS.
        AuthType Basic
        TKTAuthLoginURL /server-common/cgi-bin/login
        # "admin" is always permitted; the embedded call appends further user
        # names. getUsersList is defined outside this fragment - presumably it
        # returns the accounts authorized for "phpki"; verify its output is a
        # plain space-separated list.
        require user admin {getUsersList("phpki");}
{
        # Ticket lifetime: the ManagerTimeout value of httpd-admin, or "30m"
        # when that value is unset, empty or 0.
        my $ManagerTimeout = ${'httpd-admin'}{ManagerTimeout} || "30m";
        # Plain assignment (not append) starts the output of this section.
        $OUT = "    TKTAuthTimeout $ManagerTimeout\n";
        # A cookie expiry is emitted only when Cookie is exactly "enabled";
        # it reuses the ticket lifetime.
        my $Cookie = ${'httpd-admin'}{Cookie} || "disabled";
        $OUT .= "    TKTAuthCookieExpires $ManagerTimeout\n" if "$Cookie" eq "enabled";
        # NOTE(review): because of the || fallback, a configured
        # ManagerTimeoutReset of 0 is replaced by "0.66", so a zero refresh
        # value cannot be selected through this setting - confirm intended.
        my $ManagerTimeoutReset = ${'httpd-admin'}{ManagerTimeoutReset} || "0.66";
        $OUT .= "    TKTAuthTimeoutRefresh $ManagerTimeoutReset\n";
}
        # Both the host-based rules and the user requirement must pass.
        Satisfy all
</Location>

# Disable all web access to /admin, which is used to configure
# user/password via an htaccess file.
# No allow rule follows the deny, so every client is refused here. The
# parent directory sets AllowOverride None, so an htaccess file placed in
# this directory would not be honoured by the server in any case.
<Directory /opt/phpki/html/admin>
	order deny,allow
	deny from all
</Directory>

