From 1fcb436ac1ced1fd449b882c0901724a6e9d6b27 Mon Sep 17 00:00:00 2001 From: Jerome Charaoui Date: Wed, 3 Feb 2010 10:48:20 -0500 Subject: fix incomplete file include.d/Debian/ssl_defaults.inc --- files/include.d/Debian/ssl_defaults.inc | 46 +++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) (limited to 'files') diff --git a/files/include.d/Debian/ssl_defaults.inc b/files/include.d/Debian/ssl_defaults.inc index e418f43..5cc663f 100644 --- a/files/include.d/Debian/ssl_defaults.inc +++ b/files/include.d/Debian/ssl_defaults.inc @@ -1,3 +1,49 @@ +# Use separate log files for the SSL virtual host; note that LogLevel +# is not inherited from httpd.conf. +ErrorLog logs/ssl_error_log +TransferLog logs/ssl_access_log +LogLevel warn + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +SSLEngine on + +# SSL Protocol support: +# List the enable protocol levels with which clients will be able to +# connect. Disable SSLv2 access by default: +SSLProtocol all -SSLv2 + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2 + + +# Server Certificate: +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that a kill -HUP will prompt again. A new +# certificate can be generated using the genkey(1) command. +#SSLCertificateFile /etc/pki/tls/certs/localhost.crt + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. Keep in mind that if +# you've both a RSA and a DSA private key you can configure +# both in parallel (to also allow the use of DSA ciphers, etc.) +#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key + +# Server Certificate Chain: +# Point SSLCertificateChainFile at a file containing the +# concatenation of PEM encoded CA certificates which form the +# certificate chain for the server certificate. Alternatively +# the referenced file can be the same as SSLCertificateFile +# when the CA certificates are directly appended to the server +# certificate for convinience. +#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt + +# Certificate Authority (CA): +# Set the CA certificate verification path where to find CA # certificates for client authentication or alternatively one # huge file containing all of them (file must be PEM encoded) #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt -- cgit v1.2.3