

     ###################################################################################
     #                 ___ __  __ ____   ___  ____ _____  _    _   _ _____             #
     #                |_ _|  \/  |  _ \ / _ \|  _ \_   _|/ \  | \ | |_   _|            #
     #                 | || |\/| | |_) | | | | |_) || | / _ \ |  \| | | |              #
     #                 | || |  | |  __/| |_| |  _ < | |/ ___ \| |\  | | |              #
     #                |___|_|  |_|_|    \___/|_| \_\|_/_/   \_\_| \_| |_|              #
     #                                                                                 #
     ###################################################################################
     #                                                                                 #
     #  Summary                                                                        #
     #  =======                                                                        #
     #  The recommended and supported option to install new certificates into this     #
     #  directory is to use the ng-install-proxy-cert command as root:                 #
     #                                                                                 #
     #      ng-install-proxy-cert /path/to/crt+pkcs5-key.pem                           #
     #                                                                                 #
     #  This will create a suitable symbolic link to the file, DO NOT remove, rename   #
     #  or replace with invalid content the original file!  At best you will prevent   #
     #  your certificate from being loaded and at worst you will trigger an httpd      #
     #  failure at the next reload or restart
     #                                                                                 #
     #  Detailed Decription                                                            #
     #  ===================                                                            #
     #  This directory contains SSL certificate files to be used by httpd mod_proxy    #
     #  and mod_ocaproxy for authenticating to origin (upstream) servers.  It is not   #
     #  currently possible to restrict certificate usage based on virtualhost or       #
     #  destination server.                                                            #
     #                                                                                 #
     #  Files in this directory will be read by httpd at startup or on config          #
     #  reload only.  Per the httpd documentation all files in the directory should    #
     #  be named as <subject_hash>.<N> as per openssl c_rehash, see the command        #
     #  'openssl x509 -subject_hash -in /path/to/cert.pem' where the trailing          #
     #  .<N> is an integer incrementing from 0 to differentiate hash collisions.       #
     #                                                                                 #
     #  The files must contain a PEM encoded certificate file and it's associated      #
     #  private key in an unencrypted PKCS#5 (BEGIN RSA PRIVATE KEY) format and not    #
     #  PKCS#8 format (BEGIN PRIVATE KEY), violating these conditions will cause       #
     #  apache to fail at the next reload or restart of the service.                   #
     #                                                                                 #
     #  While the naming rules laid out in the httpd mod_ssl documentation should be   #
     #  followed, it is worth noting that *ALL* files in this directory will be read   #
     #  regardless of filename, and if they contain a PEM certificate but not a valid  #
     #  unecnrypted PKCS#5 key they will trigger the reload/restart failure,           #
     #  regardless of the filename                                                     #
     #                                                                                 #
     ###################################################################################


