Signs any output & packages the result as CMS (pkcs#7).


Typical config:

  CMSSigningCertificate /etc/pki/certs/sign.cert

  # Optional - e.g. if above sign.cert already contains the key too.
  #
  # CMSSigningKey 	/etc/pki/certs/sign.key

  # Optional - normally contains the chain up to, but not including the CA.
  #
  # CMSAddCerts		/etc/pki/certs/chain.pem

  <Location /signed_files>
     SetOutputFilter cmssign
  </Locatin>

  # Or limit the siging to certain files
  # AddOutputFilter cmssign .txt


  <Location /somebackend>
     SetOutputFilter cmssign
     ProxyPass http:/.....
  </Location>

# And check this with something like

	curl --silent http://localhost:8080/ | openssl cms -verify -inform DER -CAfile /etc/pki/certs/sign.cert
or
	curl --silent http://localhost:8080/ | openssl pkcs7 -inform DER -noout -print

In addition one can also set the flag:

	CMSSigningOutputFormat  JSON

in which case a simple JSON consisting of

	{ 
          "payload":".. base64 ..",
          "signature":"... base64 .."
        }

will be output. The signature is a detached signature this time; of the decoded base64 of the payload. The signature is
again a DER formatted CMS/PKCS#7; but detached this time.