====== Apache SSL ======

  * [[Apache]]
  * [[Apache Security]]
  * [[OpenSSL]]
  * [[PCI Compliance]]
  * [[SSL Certificates]]

==== Configuration ====

Install certificate files:

<code>
SSLCertificateFile /etc/ssl/certs/domain.com.crt
SSLCertificateKeyFile /etc/ssl/private/private.key
SSLCertificateChainFile /etc/ssl/certs/domain.com.cabundle
</code>

A bare-bones SSL-enabled VirtualHost entry:

<code>
Listen 443
<VirtualHost _default_:443>
        ServerName domain.com
        DocumentRoot /var/www/localhost/htdocs
        <Directory "/var/www/localhost/htdocs">
                Options Indexes FollowSymLinks
                AllowOverride All
                Order allow,deny
                Allow from all
        </Directory>
        SSLEngine on 
        SSLProtocol -all +SSLv3 +TLSv1
        SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM
        SSLCertificateFile /etc/ssl/certs/domain.com.crt
        SSLCertificateKeyFile /etc/ssl/private/private.key
        SSLCertificateChainFile /etc/ssl/certs/domain.com.cabundle
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/var/www/localhost/cgi-bin">
                SSLOptions +StdEnvVars          
        </Directory>
        BrowserMatch ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
</VirtualHost>
</code>

=== SSL Virtual Hosts ===

In Ubuntu, Apache does not use Virtual Hosts by default.  To change this, edit ''/etc/apache2/ports.conf'' and add ''NameVirtualHost *:443'' to the SSL config.

Then, in ''/etc/apache2/sites-available/default-ssl'' change VirtualHost directive from ''_default_:443'' to ''*:443''

==== Examples ====

== Redirect site to HTTPS ==

<code>RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}</code>