GnuTLSEnable on
GnuTLSSessionTickets on
GnuTLSPriorities NORMAL
GnuTLSCertificateFile /etc/ssl/certs/apache2+cacert.org.pem
GnuTLSKeyFile /etc/ssl/private/apache2.pem

# HSTS: http://www.debian-administration.org/articles/662
Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"