Differences

This shows you the differences between two versions of the page.


apache_ssl [2012/05/08 17:38] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +====== Apache SSL ======
  
 +  * [[Apache]]
 +  * [[Apache Security]]
 +  * [[OpenSSL]]
 +  * [[PCI Compliance]]
 +  * [[SSL Certificates]]
 +
 +==== Configuration ====
 +
 +Install certificate files:
 +
 +<code>
 +SSLCertificateFile /etc/ssl/certs/domain.com.crt
 +SSLCertificateKeyFile /etc/ssl/private/private.key
 +SSLCertificateChainFile /etc/ssl/certs/domain.com.cabundle
 +</code>
 +
 +A bare-bones SSL-enabled VirtualHost entry:
 +
 +<code>
 +Listen 443
 +<VirtualHost _default_:443>
 +        ServerName domain.com
 +        DocumentRoot /var/www/localhost/htdocs
 +        <Directory "/var/www/localhost/htdocs">
 +                Options Indexes FollowSymLinks
 +                AllowOverride All
 +                Order allow,deny
 +                Allow from all
 +        </Directory>
 +        SSLEngine on 
 +        SSLProtocol -all +SSLv3 +TLSv1
 +        SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM
 +        SSLCertificateFile /etc/ssl/certs/domain.com.crt
 +        SSLCertificateKeyFile /etc/ssl/private/private.key
 +        SSLCertificateChainFile /etc/ssl/certs/domain.com.cabundle
 +        <FilesMatch "\.(cgi|shtml|phtml|php)$">
 +                SSLOptions +StdEnvVars
 +        </FilesMatch>
 +        <Directory "/var/www/localhost/cgi-bin">
 +                SSLOptions +StdEnvVars          
 +        </Directory>
 +        BrowserMatch ".*MSIE.*" \
 +                nokeepalive ssl-unclean-shutdown \
 +                downgrade-1.0 force-response-1.0
 +</VirtualHost>
 +</code>
 +
 +=== SSL Virtual Hosts ===
 +
 +In Ubuntu, Apache does not use Virtual Hosts by default.  To change this, edit ''/etc/apache2/ports.conf'' and add ''NameVirtualHost *:443'' to the SSL config.
 +
 +Then, in ''/etc/apache2/sites-available/default-ssl'' change VirtualHost directive from ''_default_:443'' to ''*:443''
 +
 +==== Examples ====
 +
 +== Redirect site to HTTPS ==
 +
 +<code>RewriteEngine On
 +RewriteCond %{HTTPS} off
 +RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}</code>
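
Review bot: The `SSLProtocol -all +SSLv3 +TLSv1` line in the VirtualHost example enables SSLv3, which is broken (POODLE), and allows nothing newer than TLS 1.0; suggest dropping `+SSLv3` and permitting only the newest TLS versions the installed Apache/OpenSSL build supports. The `SSLCipherSuite` line right after it explicitly adds `RC4+RSA` and `+MEDIUM`; RC4 is prohibited for TLS by RFC 7465, so remove both and keep the `!aNULL:!eNULL:!LOW:!EXP` exclusions. In the redirect example the `RewriteRule` carries no flags and builds its target from `%{HTTP_HOST}`, which is taken from the client's request; add `[R=301,L]` and consider a fixed host name matching `ServerName`. Since the page links to [[PCI Compliance]], it would also help to state that `Options Indexes` and `AllowOverride All` in the first `<Directory>` block are there for brevity and are not recommended settings.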
