I broke my Apache 2.4 install and I need help!
Johan Hendriks
joh.hendriks at gmail.com
Tue Apr 3 18:32:35 UTC 2018
Op 03/04/2018 om 00:56 schreef @lbutlr:
> On 2018-04-02 (16:40 MDT), William Dudley <wfdudley at gmail.com> wrote:
>> I've managed to get my apache install working without any SSL stuff
>> running. That's progress.
> This is what a virtual host looks like for me in apache24. I never put any hosts into http.conf other than a base name that is actually unused for web access. Everything is in user/name.conf or extras/httpd-vhosts.conf
>
> <VirtualHost *:443>
> ServerName oursite.example.net
> DocumentRoot /usr/local/www/oursite
> SSLEngine on
> SSLCertificateFile /usr/local/etc/dehydrated/certs/covisp.net/cert.pem
> SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/covisp.net/privkey.pem
> SSLCertificateChainFile /usr/local/etc/dehydrated/certs/covisp.net/chain.pem
> SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
> SSLHonorCipherOrder on
> # I am not sure this is needed or best for TLSv1.2, but it works for us
> SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
> Header always set Strict-Transport-Security "max-age=15638400; includeSubdomains;"
> </VirtualHost>
>
The documentation of apache states that SSLCertificateChainFile is
deprecated and SSLCertificateFile will handle your cert and chain in one
file. See apache docs
http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile
I do not think this helps with your problem but it is cleaner to not use
deprecated configs.
regards
Johan Hendriks
More information about the freebsd-questions
mailing list