Listen 443 https
<VirtualHost *:443>
    ServerName 10.60.0.2
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/apache.crt
    SSLCertificateKeyFile /etc/httpd/ssl/apache.key
    SSLCACertificateFile /etc/httpd/ssl/ca.crt

    # Mutual Authentication (Client Cert)
    SSLVerifyClient require
    SSLVerifyDepth 1

    # OCSP Validation against CA
    SSLOCSPEnable on
    SSLOCSPDefaultResponder "http://10.60.0.1:8888"
    SSLOCSPOverrideResponder on

    # PAM + TOTP Authentication
    <Location "/">
        AuthType Basic
        AuthName "Enter UNIX Password + Google Authenticator Code"
        AuthBasicProvider PAM
        AuthPAMService httpd-totp
        Require valid-user
    </Location>
</VirtualHost>