Tuesday, 30 March 2010

Adding SSL Support to Apache

Installing

I first need to install the mod_ssl module.

# yum install mod_ssl

Configuring Apache


My httpd.conf includes all the files from conf.d/*.conf. I took advantage of this and created a conf.d/ssl.conf file. My ssl.conf file contains the following:

==============================================

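# Load mod_ssl and listen on the HTTPS port
LoadModule ssl_module modules/mod_ssl.so
Listen 443

# MIME types for downloadable certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

# Ask for the private-key passphrase on the terminal at startup
SSLPassPhraseDialog builtin

# Shared-memory session cache; entries expire after 300 seconds
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300

SSLMutex default

# Seed the PRNG from /dev/urandom at startup
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin

SSLCryptoDevice builtin

# The enclosing VirtualHost tags are missing from the page as published;
# _default_:443 is an assumed address. Without the container, SSLEngine
# would apply to the main server as well as the HTTPS port.
<VirtualHost _default_:443>
    ServerName ssl.domain.com

    DocumentRoot /home/site/html

    ScriptAlias /cgi-bin /home/site/cgi-bin

    SSLEngine on

    SSLProtocol all -SSLv2

    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

    # Server certificate, its private key, and the CA intermediates
    SSLCertificateFile /etc/httpd/conf/ssl/ssl.crt/ssl.domain.com.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl/ssl.key/ssl.domain.com.key
    SSLCertificateChainFile /etc/httpd/conf/ssl/ssl.crt/godaddy_intermediate_bundle.crt

    # Workarounds for old Internet Explorer SSL and keep-alive behaviour
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    CustomLog /home/site/logs/access.log combined
</VirtualHost>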
==========================================================
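
The SSLProtocol and SSLCipherSuite lines above are the 2010 defaults. The fragment below is an added example, not part of my original ssl.conf: it sets those two lines beside a tightened replacement. It assumes Apache 2.4.36 or later built against OpenSSL 1.1.1 or later, and the cipher list is one constructed selection of forward-secret AEAD suites, not the only valid choice.

```apache
# --- As published (2010, Apache 2.2 era), shown commented out ---
# "all -SSLv2" leaves SSLv3 enabled wherever the linked OpenSSL still
# supports it. The cipher string starts from ALL, keeps the MEDIUM and
# LOW groups (only reordered to the end), and adds RC4 with RSA.
#SSLProtocol all -SSLv2
#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

# --- Tightened replacement (assumed: Apache 2.4.36+, OpenSSL 1.1.1+) ---
# Start from nothing and enable only TLS 1.2 and TLS 1.3.
SSLProtocol -all +TLSv1.2 +TLSv1.3

# TLS 1.2 suites: ECDHE key exchange with AEAD ciphers only.
# No RC4, no DES/3DES, no CBC-mode suites, no static RSA key exchange.
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305

# Every suite in the list is acceptable, so the client may choose.
SSLHonorCipherOrder off

# TLS-level compression is what the CRIME attack relies on; keep it off.
SSLCompression off

# Other directives in the file that change when moving to Apache 2.4:
#   SSLMutex default         -> Mutex default
#   SSLCertificateChainFile  -> deprecated since 2.4.8; append the
#                               intermediate certificates to the file
#                               named by SSLCertificateFile instead
```

Run apachectl configtest after editing and before restarting httpd, so that a directive the installed version does not accept is reported without taking the site down.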