# mod_ssl is loaded as a shared object; the relative path is resolved against
# ServerRoot. The library runs inside the server process, so the file and its
# directory should be writable by root only.
1 LoadModule ssl_module lib/apache/libssl.so
4 ##--------------------------------------------------------------------------
5 ## Add additional SSL configuration directives which provide a
6 ## robust default configuration: virtual server on port 443
8 ##--------------------------------------------------------------------------
12 ## When we also provide SSL we have to listen to the
13 ## standard HTTP port (see above) and to the HTTPS port
20 ## All SSL configuration in this context applies both to
21 ## the main server and all SSL-enabled virtual hosts.
25 # Some MIME-types for downloading Certificates and CRLs
# These types tell browsers to handle a served .crt as a CA certificate to
# import and a .crl as a revocation list. Publish only public certificates and
# CRLs under these extensions; private key files must never sit in a served
# directory.
27 AddType application/x-x509-ca-cert .crt
28 AddType application/x-pkcs7-crl .crl
31 # Configure the pass phrase gathering process.
32 # The filtering dialog program (`builtin' is an internal
33 # terminal dialog) has to provide the pass phrase on stdout.
# `builtin' asks for the pass phrase on the terminal at server startup, and
# only for encrypted private keys. A key stored without a pass phrase is never
# prompted for, so its file permissions are then its only protection.
34 SSLPassPhraseDialog builtin
36 # Inter-Process Session Cache:
37 # Configure the SSL Session Cache: First either `none'
38 # or `dbm:/path/to/file' for the mechanism to use and
39 # second the expiring timeout (in seconds).
41 #SSLSessionCache dbm:logs/ssl_scache
# NOTE(review): the active line uses the `shm:' mechanism, which the comment
# above does not list; the number in parentheses is the cache size in bytes.
# Cached sessions hold the secrets needed to resume them, so the backing path
# should stay in a directory only root can write. The 300-second timeout
# limits how long a cached session stays resumable.
42 SSLSessionCache shm:/var/run/ssl_scache(512000)
43 SSLSessionCacheTimeout 300
46 # Configure the path to the mutual exclusion semaphore the
47 # SSL engine uses internally for inter-process synchronization.
# The lock file is created by the server itself; keep it on a local
# filesystem in a directory that unprivileged users cannot write to.
48 SSLMutex file:/var/run/ssl_mutex
50 # Pseudo Random Number Generator (PRNG):
51 # Configure one or more sources to seed the PRNG of the
52 # SSL library. The seed data should be of good random quality.
# NOTE(review): only the `builtin' source is active, for both the startup and
# the connect context. mod_ssl's documentation describes it as a weak source
# that yields little entropy at startup, and the keys negotiated for every
# connection depend on this PRNG. Where the platform provides /dev/urandom,
# enabling the commented `startup file:/dev/urandom 512' line adds a stronger
# seed; /dev/random can block server startup while the kernel pool is low.
53 SSLRandomSeed startup builtin
54 SSLRandomSeed connect builtin
55 #SSLRandomSeed startup file:/dev/random 512
56 #SSLRandomSeed startup file:/dev/urandom 512
57 #SSLRandomSeed connect file:/dev/random 512
58 #SSLRandomSeed connect file:/dev/urandom 512
61 # The home of the dedicated SSL protocol logfile. Errors are
62 # additionally duplicated in the general error log file. Put
63 # this somewhere where it cannot be used for symlink attacks on
64 # a real server (i.e. somewhere where only root can write).
65 # Log levels are (ascending order: higher ones include lower ones):
66 # none, error, warn, info, trace, debug.
# NOTE(review): no SSLLogLevel directive is visible in this listing; confirm
# one is set, since the levels listed above are selected with it. Also confirm
# that /var/log/httpd is writable by root only, as the comment above requires.
67 SSLLog /var/log/httpd/ssl_engine_log
70 <VirtualHost _default_:443>
# NOTE(review): no SSLEngine directive is visible between the VirtualHost line
# and this point in the listing; confirm the full file enables it for this host.
# If the cipher list below is ever enabled as written, it removes only
# anonymous DH (!ADH) and still admits the LOW, EXP (export-grade) and SSLv2
# groups it names. Exclude them (`!LOW:!EXP:!SSLv2') before uncommenting.
72 #SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
73 SSLCertificateFile /etc/httpd/server.crt
# The private key should be owned by root and readable by root only; anyone
# who can read it can impersonate this server.
74 SSLCertificateKeyFile /etc/httpd/server.key
75 #SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt
76 #SSLCACertificatePath /etc/httpd/conf/ssl.crt
77 #SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt
78 #SSLCARevocationPath /etc/httpd/conf/ssl.crl
79 #SSLCARevocationFile /etc/httpd/conf/ssl.crl/ca-bundle.crl
# With SSLVerifyClient and the SSLCA* lines commented out, nothing visible here
# requests client certificates. If `require' is enabled, a CA file or path has
# to be set as well, and the SSLCARevocation* lines are what let revoked
# client certificates be rejected.
80 #SSLVerifyClient require
# +StdEnvVars exports the SSL_* environment variables, here only to files
# matching .cgi/.shtml and to the cgi-bin directory. +ExportCertData in the
# commented line would additionally pass the PEM-encoded certificates to those
# programs; enable it only where a script needs them.
# NOTE(review): the closing tags of the Files and Directory containers are not
# visible in this listing; the configuration is only valid with them present.
83 #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
84 <Files ~ "\.(cgi|shtml)$">
85 SSLOptions +StdEnvVars
87 <Directory "/home/httpd/html/cgi-bin">
88 SSLOptions +StdEnvVars
# The match is on the client-supplied User-Agent header, so any client can
# select this behaviour: keep-alive is disabled and mod_ssl closes the
# connection without the close-notify exchange.
90 SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
# Per-request SSL log: time, client host, protocol, cipher, request line and
# bytes sent. The request line includes the query string, so this log needs the
# same access protection as the other server logs. The protocol and cipher
# fields show which clients still negotiate weak settings.
91 CustomLog /var/log/httpd/ssl_request_log \
92 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"