diff options
| -rw-r--r-- | apache2/conf-available/local-ssl.conf | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/apache2/conf-available/local-ssl.conf b/apache2/conf-available/local-ssl.conf new file mode 100644 index 0000000..ae0d6fa --- /dev/null +++ b/apache2/conf-available/local-ssl.conf @@ -0,0 +1,25 @@ +SSLEngine on +#SSLCertificateFile /etc/ssl/certs/apache2.pem +#SSLCertificateKeyFile /etc/ssl/private/apache2.pem +SSLCACertificatePath /etc/ssl/certs/ +#SSLCARevocationPath /etc/apache2/ssl.crl/ +#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl + +#SSLVerifyClient require +#SSLVerifyDepth 10 + +#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire +<FilesMatch "\.(cgi|shtml|phtml|php)$"> + SSLOptions +StdEnvVars +</FilesMatch> +<Directory /usr/lib/cgi-bin> + SSLOptions +StdEnvVars +</Directory> + +BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 +# MSIE 7 and newer should be able to use keepalive +BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown + +#CustomLog /var/log/apache2/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" |