HTTP Server: Apache 2.4

SSL Support (HTTPS)

by ross at 03:19:26 on August 2, 2014

Edit httpd.conf, find "Listen 80" and change to:

Listen 443
Listen 80

Uncomment the following modules:

LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
LoadModule ssl_module libexec/apache24/mod_ssl.so

Create apache24/modules.d/100_mod_ssl.conf:

<IfModule ssl_module>
    SSLEngine off
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLPassPhraseDialog  builtin
    SSLSessionCache        "shmcb:/var/run/ssl_scache(512000)"
    SSLSessionCacheTimeout  300

    <FilesMatch "\.(cgi|fcgi|php|phtml|inc)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    BrowserMatch "MSIE [2-5]" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
</IfModule>

Virtual hosts

<VirtualHost *:443>

    # ... absolutely the same stuff as in *:80 vhost goes here ...

    SSLEngine on
    # You need to specify the certificate and the key:
    SSLCertificateFile "/etc/certs/example.com.crt"
    SSLCertificateKeyFile "/etc/certs/example.com.unencrypted.key"
</VirtualHost>

If self-signed certificate is enough for you, then you can generate one using this guide.

 

Comments