Differences

This shows you the differences between two versions of the page.

apache_ssl [2012/05/08 11:38] (current)
Line 1: Line 1:
 +====== Apache SSL ======
  
 +  * [[Apache]]
 +  * [[Apache Security]]
 +  * [[OpenSSL]]
 +  * [[PCI Compliance]]
 +  * [[SSL Certificates]]
 +
 +==== Configuration ====
 +
 +Install certificate files:
 +
 +<​code>​
 +SSLCertificateFile /​etc/​ssl/​certs/​domain.com.crt
 +SSLCertificateKeyFile /​etc/​ssl/​private/​private.key
 +SSLCertificateChainFile /​etc/​ssl/​certs/​domain.com.cabundle
 +</​code>​
 +
 +A bare-bones SSL-enabled VirtualHost entry:
 +
 +<​code>​
 +Listen 443
 +<​VirtualHost _default_:​443>​
 +        ServerName domain.com
 +        DocumentRoot /​var/​www/​localhost/​htdocs
 +        <​Directory "/​var/​www/​localhost/​htdocs">​
 +                Options Indexes FollowSymLinks
 +                AllowOverride All
 +                Order allow,deny
 +                Allow from all
 +        </​Directory>​
 +        SSLEngine on 
 +        SSLProtocol -all +SSLv3 +TLSv1
 +        SSLCipherSuite ALL:​!aNULL:​!ADH:​!eNULL:​!LOW:​!EXP:​!EXPORT56:​RC4+RSA:​+HIGH:​+MEDIUM
 +        SSLCertificateFile /​etc/​ssl/​certs/​domain.com.crt
 +        SSLCertificateKeyFile /​etc/​ssl/​private/​private.key
 +        SSLCertificateChainFile /​etc/​ssl/​certs/​domain.com.cabundle
 +        <​FilesMatch "​\.(cgi|shtml|phtml|php)$">​
 +                SSLOptions +StdEnvVars
 +        </​FilesMatch>​
 +        <​Directory "/​var/​www/​localhost/​cgi-bin">​
 +                SSLOptions +StdEnvVars ​         ​
 +        </​Directory>​
 +        BrowserMatch "​.*MSIE.*"​ \
 +                nokeepalive ssl-unclean-shutdown \
 +                downgrade-1.0 force-response-1.0
 +</​VirtualHost>​
 +</​code>​
 +
 +=== SSL Virtual Hosts ===
 +
 +In Ubuntu, Apache does not use Virtual Hosts by default. ​ To change this, edit ''/​etc/​apache2/​ports.conf''​ and add ''​NameVirtualHost *:​443''​ to the SSL config.
 +
 +Then, in ''/​etc/​apache2/​sites-available/​default-ssl''​ change VirtualHost directive from ''​_default_:​443''​ to ''​*:​443''​
 +
 +==== Examples ====
 +
 +== Redirect site to HTTPS ==
 +
 +<​code>​RewriteEngine On
 +RewriteCond %{HTTPS} off
 +RewriteRule (.*) https://​%{HTTP_HOST}%{REQUEST_URI}</​code>​
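
Review bot: The SSLProtocol line in the VirtualHost block turns SSLv3 back on ("-all +SSLv3 +TLSv1"), and the SSLCipherSuite line beneath it starts from ALL and explicitly adds RC4+RSA and MEDIUM, so this "bare-bones" template ships a protocol and ciphers that are no longer safe to offer (SSLv3 is exposed to POODLE, RC4 is prohibited for TLS by RFC 7465). Since the page links to PCI Compliance, the example should drop +SSLv3 and RC4, enable only the TLS versions the installed mod_ssl and OpenSSL support (for instance "SSLProtocol -all +TLSv1.2"), and build the cipher string from HIGH with !aNULL, !eNULL and !MD5 rather than from ALL. Two smaller points in the same hunk: the Directory block for the document root sets "Options Indexes", which enables directory listings on the HTTPS site and is worth removing from a template people will copy, and the final RewriteRule has no flags, so it returns a temporary redirect and keeps processing later rules; "[R=301,L]" would make the HTTP to HTTPS redirect permanent and terminal.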