I broke my Apache 2.4 install and I need help!

@lbutlr kremels at kreme.com
Tue Apr 10 06:16:26 UTC 2018


On 2018-04-03 (12:32 MDT), Johan Hendriks <joh.hendriks at gmail.com> wrote:
> 
> On 03/04/2018 at 00:56, @lbutlr wrote:
>> On 2018-04-02 (16:40 MDT), William Dudley <wfdudley at gmail.com> wrote:
>> This is what a virtual host looks like for me in apache24. I never put any hosts into http.conf other than a base name that is actually unused for web access. Everything is in user/name.conf or extras/httpd-vhosts.conf
>> 
>> <VirtualHost *:443>
>>   ServerName oursite.example.net
>>   DocumentRoot /usr/local/www/oursite
>>   SSLEngine on
>>   SSLCertificateFile /usr/local/etc/dehydrated/certs/covisp.net/cert.pem
>>   SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/covisp.net/privkey.pem
>>   SSLCertificateChainFile /usr/local/etc/dehydrated/certs/covisp.net/chain.pem
>>   SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
>>   SSLHonorCipherOrder on
>>   # I am not sure this is needed or best for TLSv1.2, but it works for us
>>   SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
>>   Header always set Strict-Transport-Security "max-age=15638400; includeSubdomains;"
>> </VirtualHost>
>> 
> The documentation of apache states that SSLCertificateChainFile is
> deprecated and SSLCertificateFile will handle your cert and chain in one
> file. See apache docs
> http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile
> I do not think this helps with your problem but it is cleaner to not use
> deprecated configs.

I am not the OP with the problem, I was just sharing the configuration that I have that works.

It looks like I should change that to

SSLCertificateFile /usr/local/etc/dehydrated/certs/covisp.net/chain.pem

I'll give that a try next time I'm editing configs.


-- 
Don't congratulate yourself too much, or berate yourself either. Your
choices are half chance; so are everybody else's.
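
A lint check for the change discussed in this thread, as an added example that is not part of the original messages: it flags vhosts that still use SSLCertificateChainFile, and vhosts whose SSLCertificateFile holds a single PEM certificate with no chain file beside it. The function names, the sample host names and the /certs/ paths (including fullchain.pem) are constructed assumptions; the bundle given to SSLCertificateFile must start with the server certificate, with the intermediates after it, which a block count alone cannot confirm.

```python
from pathlib import Path

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"

def parse_vhosts(conf_text):
    """Return one {lowercased directive: [arguments]} dict per <VirtualHost> block."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("<virtualhost"):
            current = {}
        elif line.lower().startswith("</virtualhost") and current is not None:
            vhosts.append(current)
            current = None
        elif current is not None and line and not line.startswith("#"):
            name, args = (line.split(None, 1) + [""])[:2]
            current.setdefault(name.lower(), []).append(args.strip().strip('"'))
    return vhosts

def audit(conf_text, read_file=lambda p: Path(p).read_text()):
    """Return (ServerName, finding) pairs for vhosts whose chain setup needs attention."""
    findings = []
    for d in parse_vhosts(conf_text):
        name = d.get("servername", ["(unnamed)"])[0]
        certs = d.get("sslcertificatefile", [])
        if "sslcertificatechainfile" in d:
            # Obsolete since 2.4.8: intermediates belong in SSLCertificateFile.
            findings.append((name, "deprecated-chainfile"))
        elif any(read_file(p).count(PEM_BEGIN) < 2 for p in certs):
            # A single PEM block and no chain file: no intermediates are served.
            findings.append((name, "certfile-without-intermediates"))
    return findings

# Constructed sample input: host names, paths and PEM bodies are placeholders.
FAKE_CERT = PEM_BEGIN + "\nplaceholder\n-----END CERTIFICATE-----\n"
SAMPLE_FILES = {"/certs/cert.pem": FAKE_CERT, "/certs/fullchain.pem": FAKE_CERT * 2}
SAMPLE_CONF = """<VirtualHost *:443>
  ServerName old.example.net
  SSLCertificateFile /certs/cert.pem
  SSLCertificateChainFile /certs/chain.pem
</VirtualHost>
<VirtualHost *:443>
  ServerName merged.example.net
  SSLCertificateFile /certs/fullchain.pem
</VirtualHost>
<VirtualHost *:443>
  ServerName leafonly.example.net
  SSLCertificateFile /certs/cert.pem
</VirtualHost>"""
print(audit(SAMPLE_CONF, SAMPLE_FILES.__getitem__))
```

Called with only the configuration text, `audit` reads the referenced certificate files from disk.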


