Commit | Line | Data |
---|---|---|
e264b656 | 1 | LoadModule ssl_module modules/libssl.so |
0f26d055 | 2 | |
f30acac8 | 3 | <IfModule mod_ssl.c> |
0f26d055 JB |
4 | ##-------------------------------------------------------------------------- |
5 | ## Add additional SSL configuration directives which provide a | |
6 | ## robust default configuration: virtual server on port 443 | |
7 | ## which speaks SSL. | |
8 | ##-------------------------------------------------------------------------- | |
9 | ## | |
10 | ## SSL Support | |
11 | ## | |
f30acac8 | 12 | ## When we also provide SSL we have to listen to the |
0f26d055 JB |
13 | ## standard HTTP port (see above) and to the HTTPS port |
14 | ## | |
15 | Listen 443 | |
16 | ||
17 | ## | |
18 | ## SSL Global Context | |
19 | ## | |
20 | ## All SSL configuration in this context applies both to | |
21 | ## the main server and all SSL-enabled virtual hosts. | |
22 | ## | |
23 | ||
0f26d055 JB |
24 | # Pass Phrase Dialog: |
25 | # Configure the pass phrase gathering process. | |
26 | # The filtering dialog program (`builtin' is an internal | |
27 | # terminal dialog) has to provide the pass phrase on stdout. | |
e264b656 | 28 | SSLPassPhraseDialog builtin |
0f26d055 JB |
29 | |
30 | # Inter-Process Session Cache: | |
31 | # Configure the SSL Session Cache: First either `none' | |
32 | # or `dbm:/path/to/file' for the mechanism to use and | |
33 | # second the expiring timeout (in seconds). | |
e264b656 ER |
34 | #SSLSessionCache none |
35 | #SSLSessionCache dbm:logs/ssl_scache | |
36 | SSLSessionCache shm:/var/run/ssl_scache(512000) | |
37 | SSLSessionCacheTimeout 300 | |
0f26d055 JB |
38 | |
39 | # Semaphore: | |
40 | # Configure the path to the mutual exclusion semaphore the | |
f30acac8 | 41 | # SSL engine uses internally for inter-process synchronization. |
0f26d055 JB |
42 | SSLMutex file:/var/run/ssl_mutex |
43 | ||
44 | # Pseudo Random Number Generator (PRNG): | |
f30acac8 | 45 | # Configure one or more sources to seed the PRNG of the |
0f26d055 JB |
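46 | # SSL library. The seed data should be of good random quality. The `builtin' source enabled below is a weak seed, especially at startup; where the device exists, prefer one of the /dev/urandom lines below. |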
47 | SSLRandomSeed startup builtin | |
48 | SSLRandomSeed connect builtin | |
e264b656 | 49 | #SSLRandomSeed startup file:/dev/random 512 |
0f26d055 | 50 | #SSLRandomSeed startup file:/dev/urandom 512 |
e264b656 | 51 | #SSLRandomSeed connect file:/dev/random 512 |
0f26d055 JB |
52 | #SSLRandomSeed connect file:/dev/urandom 512 |
53 | ||
54 | # Logging: | |
55 | # The home of the dedicated SSL protocol logfile. Errors are | |
e264b656 | 56 | # additionally duplicated in the general error log file. Put |
0f26d055 JB |
57 | # this somewhere where it cannot be used for symlink attacks on |
58 | # a real server (i.e. somewhere where only root can write). | |
59 | # Log levels are (ascending order: higher ones include lower ones): | |
60 | # none, error, warn, info, trace, debug. | |
e264b656 | 61 | SSLLog logs/ssl_engine_log |
0f26d055 JB |
62 | SSLLogLevel info |
63 | ||
64 | <VirtualHost _default_:443> | |
65 | SSLEngine on | |
66 | #SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL | |
cd04f2d5 | 67 | SSLCertificateFile /etc/apache/server.crt |
68 | SSLCertificateKeyFile /etc/apache/server.key | |
69 | #SSLCertificateChainFile /etc/apache/conf/ssl.crt/ca.crt | |
70 | #SSLCACertificatePath /etc/apache/conf/ssl.crt | |
71 | #SSLCACertificateFile /etc/apache/conf/ssl.crt/ca-bundle.crt | |
72 | #SSLCARevocationPath /etc/apache/conf/ssl.crl | |
73 | #SSLCARevocationFile /etc/apache/conf/ssl.crl/ca-bundle.crl | |
0f26d055 | 74 | #SSLVerifyClient require |
e264b656 | 75 | #SSLVerifyDepth 10 |
0f26d055 JB |
76 | |
77 | #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire | |
78 | <Files ~ "\.(cgi|shtml)$"> | |
e264b656 | 79 | SSLOptions +StdEnvVars |
0f26d055 | 80 | </Files> |
cd04f2d5 | 81 | <Directory "/home/services/apache/html/cgi-bin"> |
e264b656 | 82 | SSLOptions +StdEnvVars |
0f26d055 | 83 | </Directory> |
00570972 ER |
84 | |
85 | <IfModule mod_setenvif.c> | |
e264b656 | 86 | SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown |
00570972 ER |
87 | </IfModule> |
88 | ||
928b2984 ER |
89 | #<IfModule mod_log_config.c> |
90 | # CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" | |
91 | # # enable the common log too, otherwise you will be surprised to find no access logs | |
92 | # CustomLog logs/access_log common | |
93 | #</IfModule> | |
0f26d055 | 94 | |
f30acac8 ER |
95 | </VirtualHost> |
96 | ||
97 | </IfModule> |