SSL certificates

Self signed

export RANDFILE=/dev/random

openssl req $@ -new -x509 -days 365 -nodes -out \
 /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem

chmod 600 /etc/apache2/ssl/apache.pem

Apache config

Add to the bottom of /etc/apache2/sites-enabled/000-default

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<IfModule mod_ssl.c>
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache         dbm:/var/run/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/var/run/ssl_mutex

<VirtualHost *:443>
        DocumentRoot /var/www
        ServerAdmin support@ju.edu.et
        SSLEngine on

        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/apache2/ssl/mail.crt
        SSLCertificateKeyFile /etc/apache2/ssl/mail.key

        SetEnv SQWEBMAIL_MAXATTSIZE  6000000
        SetEnv SQWEBMAIL_MAXMSGSIZE 10000000
        SetEnv SQWEBMAIL_TEMPLATEDIR /home/ju-sqwebmail/html

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

        <Directory /var/www/email-changepass>
                Deny From All
                Allow From 10.140.0.0/16
        </Directory>

</VirtualHost>
</IfModule>
vlir/projects/ssl.txt · Last modified: 2008/11/05 17:24 by rudy
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Run by Debian Driven by DokuWiki