Aus NeoWiki
Diese Seite wird nicht mehr weiter gepflegt!
HTACCESS
HTTPS
Selbstsigniertes Zertifikat erzeugen
- openssl genrsa -out server_priv.key 2048
- openssl rsa -in server_priv.key -out server.key
- openssl req -new -x509 -key server.key -out server.crt -days 1095
Apache base ssl config
NameVirtualHost *:443
<VirtualHost *:443>
ServerAdmin webmaster@neo-soft.org
ServerName web.neo-soft.org
DocumentRoot /var/www/https
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/https/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /var/www/https/cgi-bin/
<Directory "/var/www/https/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/ssl_error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/ssl.log combined
ServerSignature On
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/lib/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
Siehe auch
