本文详细介绍了如何在Apache HTTP服务器中配置SSL/TLS连接,包括使用额外的配置文件来支持SSL连接,设置SSL随机种子,处理不遵循开放标准的浏览器,以及SSL证书的加载和配置。
Hpptd.conf # Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
Include conf/extra/ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
# Deal with user agents that deliberately violate open standards
#
<IfModule setenvif_module>
BrowserMatch "MSIE 10.0;" bad_DNT
</IfModule>
<IfModule headers_module>
RequestHeader unset DNT env=bad_DNT
</IfModule>
Timeout 600
KeepAlive On
MaxKeepAliveRequests 0
KeepAliveTimeout 15
Hpptd-ssl.conf #########################################
######## ssl config ##############
#########################################
LoadModule ssl_module modules/mod_ssl.so
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/opt/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost *:443>
#DocumentRoot "/opt/apache2/htdocs/ssl"
ServerName www.xxxx.com
#ServerName 11.12.28.22:443
ServerAdmin a@a.com
ErrorLog "/opt/apache2/logs/ssl_error_log"
TransferLog "/opt/apache2/logs/ssl_access_log"
SSLCertificateFile "/opt/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/apache2/conf/server.key"
</VirtualHost>
扫一扫
4033
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
