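# ssl.conf config file for Apache with mod_ssl
#
# NOTE(review): this listing contains no <VirtualHost>, <Directory> or <Files>
# tags; they were presumably lost when the page was extracted. The places where
# a container is expected are marked below. Restore the tags (with the paths
# you intend to protect) before using this file: without them the Auth* and
# SSLVerifyClient directives are not scoped to any directory.
#
# NOTE(review): SSLMutex and Order/Allow are Apache 2.0/2.2-era directives;
# on 2.4 they map to Mutex and "Require all granted" respectively.

LoadModule ssl_module modules/mod_ssl.so

Listen 444

# Some MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

# "builtin" prompts for the private-key pass phrase on the terminal at startup.
SSLPassPhraseDialog  builtin

# Inter-Process Session Cache:
SSLSessionCache         dbm:/var/cache/mod_ssl/scache
SSLSessionCacheTimeout  300

# Semaphore:
SSLMutex  file:logs/ssl_mutex

# Pseudo Random Number Generator (PRNG):
# NOTE(review): "builtin" is the weakest seeding source mod_ssl offers; where
# the platform has one, a kernel source such as file:/dev/urandom is preferable.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

## SSL Virtual Host Context
# NOTE(review): a <VirtualHost ...> opening tag is expected here (missing from
# this listing).

DocumentRoot "/var/www/SSL"
ServerName mars.vanemery.com:444
ServerAdmin webmaster@vanemery.com
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log

SSLEngine on

# SSL Cipher Suite:
# Anonymous (unauthenticated) key exchange is excluded explicitly, because on
# older OpenSSL builds the HIGH and MEDIUM aliases can include aNULL suites,
# which offer no protection against an active man-in-the-middle.
# NOTE(review): MEDIUM may still admit weak ciphers on old OpenSSL; check the
# result with "openssl ciphers -v" against your own build.
SSLCipherSuite HIGH:MEDIUM:!aNULL

# Only TLS is allowed. SSLv2 and SSLv3 are both disabled: the original listing
# left SSLv3 enabled ("all -SSLv2"), but SSLv3 is deprecated (RFC 7568) and
# exposed to the POODLE attack.
SSLProtocol all -SSLv2 -SSLv3

# Server Certificate:
SSLCertificateFile /etc/httpd/conf/ssl.crt/mars-server.crt

# Server Private Key:
# Keep this file readable by root only.
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mars-server.key

# Server Certificate Chain:
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/my-ca.crt

# Certificate Authority (CA):
# This CA is the trust anchor for client certificates wherever
# SSLVerifyClient is set below.
# NOTE(review): no revocation list is configured, so a revoked client
# certificate would still be accepted; see SSLCARevocationFile /
# SSLCARevocationPath.
SSLCACertificateFile /etc/httpd/conf/ssl.crt/my-ca.crt

# NOTE(review): the next two lines are identical; presumably each sat inside
# its own <Files>/<Directory> container whose tags are missing from this listing.
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

# Per-Server Logging:
# Records the negotiated protocol and cipher per request, which is useful for
# spotting clients that still negotiate weak parameters.
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

# This is needed so that you can use auto-indexing for some directories in the
# /var/www/SSL directory branch.  This can be handy if you would like to have
# a list of sensitive files for people to download.
# NOTE(review): a <Directory ...> container is expected around this group.
# These directives apply no authentication themselves ("Allow from all"), so a
# listing of sensitive files is protected only if one of the access-control
# groups below also covers the same directory.
Options Indexes
AllowOverride None
# Fixed typo: the original read "Allow from from all".
Allow from all
Order allow,deny

# Password-protected area (HTTP Basic over TLS).
# NOTE(review): a <Directory ...> container is expected around this group.
# Basic credentials are only base64-encoded, so this must never be reachable
# over plain HTTP.
AuthType Basic
AuthName "Username and Password Required"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user

# Client-certificate-protected area.
# NOTE(review): a <Directory ...> container is expected around this group.
# Depth 1 accepts only client certificates issued directly by the CA in
# SSLCACertificateFile (no intermediate CAs).
SSLVerifyClient require
SSLVerifyDepth 1

# Area requiring BOTH a client certificate and a password.
# NOTE(review): a <Directory ...> container is expected around this group.
SSLVerifyClient require
SSLVerifyDepth 1
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user

# NOTE(review): the closing </VirtualHost> tag is expected here (missing from
# this listing).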