WSGIScriptAlias / /usr/share/unfold/myslice/wsgi.py Order deny,allow Allow from all Alias /static/ /usr/share/unfold/static/ Order deny,allow Allow from all # This port (not necessarily well picked) is configured # with client-certificate required # corresponding trusted roots (e.g. ple.gid and plc.gid) should be # configured in /etc/unfold/trusted_roots # check Jordan's email and pointer to trac, although we do not want # this to be optional on that port WSGIScriptAlias / /usr/share/unfold/myslice/wsgi.py Order deny,allow Allow from all Alias /static/ /usr/share/unfold/static/ Order deny,allow Allow from all SSLEngine on SSLVerifyClient require SSLVerifyDepth 5 # make this a symlink to /etc/sfa/trusted_roots if that makes sense in your env. SSLCACertificatePath /etc/unfold/trusted_roots # see init-ssl.sh for how to create self-signed stuff in here SSLCertificateFile /etc/unfold/myslice.cert SSLCertificateKeyFile /etc/unfold/myslice.key # SSLOptions +StdEnvVars +ExportCertData SSLOptions +StdEnvVars