Differences
This shows you the differences between two versions of the page.
apache_ssl [2012/05/08 11:38] |
apache_ssl [2012/05/08 11:38] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Apache SSL ====== | ||
+ | * [[Apache]] | ||
+ | * [[Apache Security]] | ||
+ | * [[OpenSSL]] | ||
+ | * [[PCI Compliance]] | ||
+ | * [[SSL Certificates]] | ||
+ | |||
+ | ==== Configuration ==== | ||
+ | |||
+ | Install certificate files: | ||
+ | |||
+ | <code> | ||
+ | SSLCertificateFile /etc/ssl/certs/domain.com.crt | ||
+ | SSLCertificateKeyFile /etc/ssl/private/private.key | ||
+ | SSLCertificateChainFile /etc/ssl/certs/domain.com.cabundle | ||
+ | </code> | ||
+ | |||
+ | A bare-bones SSL-enabled VirtualHost entry: | ||
+ | |||
+ | <code> | ||
+ | Listen 443 | ||
+ | <VirtualHost _default_:443> | ||
+ | ServerName domain.com | ||
+ | DocumentRoot /var/www/localhost/htdocs | ||
+ | <Directory "/var/www/localhost/htdocs"> | ||
+ | Options Indexes FollowSymLinks | ||
+ | AllowOverride All | ||
+ | Order allow,deny | ||
+ | Allow from all | ||
+ | </Directory> | ||
+ | SSLEngine on | ||
+ | SSLProtocol -all +SSLv3 +TLSv1 | ||
+ | SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM | ||
+ | SSLCertificateFile /etc/ssl/certs/domain.com.crt | ||
+ | SSLCertificateKeyFile /etc/ssl/private/private.key | ||
+ | SSLCertificateChainFile /etc/ssl/certs/domain.com.cabundle | ||
+ | <FilesMatch "\.(cgi|shtml|phtml|php)$"> | ||
+ | SSLOptions +StdEnvVars | ||
+ | </FilesMatch> | ||
+ | <Directory "/var/www/localhost/cgi-bin"> | ||
+ | SSLOptions +StdEnvVars | ||
+ | </Directory> | ||
+ | BrowserMatch ".*MSIE.*" \ | ||
+ | nokeepalive ssl-unclean-shutdown \ | ||
+ | downgrade-1.0 force-response-1.0 | ||
+ | </VirtualHost> | ||
+ | </code> | ||
+ | |||
+ | === SSL Virtual Hosts === | ||
+ | |||
+ | In Ubuntu, Apache does not use Virtual Hosts by default. To change this, edit ''/etc/apache2/ports.conf'' and add ''NameVirtualHost *:443'' to the SSL config. | ||
+ | |||
+ | Then, in ''/etc/apache2/sites-available/default-ssl'' change VirtualHost directive from ''_default_:443'' to ''*:443'' | ||
+ | |||
+ | ==== Examples ==== | ||
+ | |||
+ | == Redirect site to HTTPS == | ||
+ | |||
+ | <code>RewriteEngine On | ||
+ | RewriteCond %{HTTPS} off | ||
+ | RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}</code> |
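Review bot: In the bare-bones VirtualHost block, `SSLProtocol -all +SSLv3 +TLSv1` still offers SSLv3, which is deprecated (RFC 7568), and the `SSLCipherSuite` string starts from `ALL`, names `RC4+RSA` explicitly and keeps `+MEDIUM`, so RC4 suites (prohibited by RFC 7465) remain negotiable. Suggest dropping `+SSLv3` and enabling only the newest TLS versions the installed mod_ssl/OpenSSL build supports (for example `SSLProtocol -all +TLSv1.2` where available), removing RC4 and MEDIUM from the cipher string (for example `HIGH:!aNULL:!eNULL:!RC4`), and adding `SSLHonorCipherOrder on` so the server's preference order applies. In the "Redirect site to HTTPS" example, the `RewriteRule` builds its target from `%{HTTP_HOST}`, which comes from the request's Host header, and carries no flags; a fixed host name with explicit flags, such as `RewriteRule (.*) https://domain.com%{REQUEST_URI} [R=301,L]`, pins the redirect target and makes the status code explicit. The page should also say where the redirect rules belong (the port 80 virtual host or an .htaccess file), since the hunk does not state it.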