ubuntuusers.de

Titel:
apache ssl
Datum:
11. Juli 2012 10:13
Code:
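# ------------
# enabling ssl
# ------------
# Create a self-signed certificate and key directly in the target directory,
# so the private key never sits in an arbitrary working directory and no
# unrelated server.* file gets moved along by a glob.
# A self-signed certificate encrypts the connection, but clients cannot verify
# the server's identity unless they explicitly trust this certificate.
mkdir -p /etc/apache2/ssl/
cd /etc/apache2/ssl/

# RSA 2048 / SHA-256 instead of RSA 1024 / SHA-1: 1024-bit RSA keys and SHA-1
# signatures are considered too weak and are rejected by current clients.
# -nodes leaves the key unencrypted so Apache can start unattended; the file
# permissions below are then the only protection of the key.
# umask 077 (in a subshell) makes openssl create server.key owner-only from the
# start instead of relying on a later chmod.
( umask 077
  openssl req -new -x509 -days 365 -sha256 -newkey rsa:2048 \
   -nodes -keyout server.key -out server.crt \
   -subj '/O=ORGA/OU=ORGAU/CN=CNAME' )

# file permissions
# In the stock Debian/Ubuntu setup Apache reads the key as root at startup,
# before the workers switch to www-data, so the web server user needs no access.
# Keeping the key root-only means a compromised web application cannot read it.
chown root:root server.key server.crt
chmod 600 server.key
# the certificate is public information
chmod 644 server.crt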

# enable ssl module in apache (mod_ssl), then reload so the module is loaded
a2enmod ssl
/etc/init.d/apache2 force-reload

# Edit ports.conf and disable the plain-HTTP listener.
# With "Listen 80" commented out Apache no longer accepts unencrypted
# connections at all; requests to http:// are refused, not redirected.
vi /etc/apache2/ports.conf
#Listen 80 # comment this line
# Verify which sockets are actually listening; only 443 should be held by apache2.
netstat -tulpen
# tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      0          21655       4174/apache2    

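vi /etc/apache2/sites-available/ssl
NameVirtualHost *:443
<VirtualHost *:443>
    DocumentRoot "/var/www/"

    SSLEngine on
    # StrictRequire: an SSLRequireSSL denial cannot be overridden by "Satisfy any"
    SSLOptions +StrictRequire

    # Refuse any request for this tree that did not arrive over SSL/TLS
    <Directory />
        SSLRequireSSL
    </Directory>

    # SSLv2 and SSLv3 are broken protocols and must stay disabled.
    # Where the installed mod_ssl/OpenSSL know the TLSv1.1/TLSv1.2 protocol
    # names, tighten this further to TLSv1.2 and newer only.
    SSLProtocol all -SSLv2 -SSLv3
    # Only strong ciphers: no MEDIUM class, no anonymous (unauthenticated)
    # key exchange, no MD5-based suites.
    SSLCipherSuite HIGH:!aNULL:!MD5
    # Let the server's cipher preference win over the client's
    SSLHonorCipherOrder on

#    Syntax error on line 15 of /etc/apache2/sites-enabled/ssl:
#    SSLRandomSeed cannot occur within <VirtualHost> section
#    SSLRandomSeed startup file:/dev/urandom 1024
#    SSLRandomSeed connect file:/dev/urandom 1024

#    SSLSessionCache shm:/usr/local/apache2/logs/ssl_cache_shm
#    SSLSessionCacheTimeout 600    

    SSLCertificateFile /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key

    # No client certificates are requested; this vhost does not proxy over SSL
    SSLVerifyClient none
    SSLProxyEngine off

    <IfModule mime.c>
        AddType application/x-x509-ca-cert      .crt
        AddType application/x-pkcs7-crl         .crl
    </IfModule>

    # Legacy workaround for old Internet Explorer SSL behaviour. As written it
    # matches every User-Agent containing "MSIE" and forces HTTP/1.0 without
    # keep-alive for all of them.
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

</VirtualHost>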

# Switch the active site: disable the default site, enable the "ssl" site
# defined above (it then appears as /etc/apache2/sites-enabled/ssl), and
# reload Apache so the change takes effect.
a2dissite default
a2ensite ssl
/etc/init.d/apache2 force-reload