Date: Tue, 10 Apr 2018 00:16:17 -0600 From: "@lbutlr" <kremels@kreme.com> To: freebsd-questions@freebsd.org Subject: Re: I broke my Apache 2.4 install and I need help! Message-ID: <EDE9C7CD-FCEA-4FF9-B966-F785753E4947@kreme.com> In-Reply-To: <458eb0bf-dbd8-01c2-4eac-96546e61dec1@gmail.com> References: <CAFsnNZLHzAsNfYD2H1qsgHEZZz0uFRhTomDi0uWg5ee-93PqAw@mail.gmail.com> <20180402204202.GA3145@gmail.com> <CAFsnNZKjovHMGf4%2BkSBxq8h=siLvbsNg5LNs8nCcB24wRGNpqA@mail.gmail.com> <20180402213311.GB3145@gmail.com> <CAFsnNZLyLEUHxX8pu9AuT0kaeOnPo8JdG-Ctge92OLBC0H60yw@mail.gmail.com> <CALeGphxZ7-HyZXuzsyHXHrdJ6SY8BLUvbR6ot_3igDtWEUTfQA@mail.gmail.com> <CAFsnNZKP7W5rYoW11N-Qh-vWyH_QZ2eKK=R1PLbXPLECShxH1w@mail.gmail.com> <CALeGphy1qSVfcKbTCeRh_k4mUGhOGeEDd7xn49JNN9rpdpHxtA@mail.gmail.com> <CAFsnNZJtNYqdbFzBkK7d8zbWS1B_xkKkPGOvqDjE%2BSUcxD2pYw@mail.gmail.com> <22AED507-651D-4FF5-9D3F-73F41F57AC24@kreme.com> <458eb0bf-dbd8-01c2-4eac-96546e61dec1@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2018-04-03 (12:32 MDT), Johan Hendriks <joh.hendriks@gmail.com> = wrote: >=20 > Op 03/04/2018 om 00:56 schreef @lbutlr: >> On 2018-04-02 (16:40 MDT), William Dudley <wfdudley@gmail.com> wrote: >> This is what a virtual host looks like for me in apache24. I never = put any hosts into http.conf other than a base name that is actually = unused for web access. Everything is in user/name.conf or = extras/httpd-vhosts.conf >>=20 >> <VirtualHost *:443> >> ServerName oursite.example.net >> DocumentRoot /usr/local/www/oursite >> SSLEngine on >> SSLCertificateFile = /usr/local/etc/dehydrated/certs/covisp.net/cert.pem >> SSLCertificateKeyFile = /usr/local/etc/dehydrated/certs/covisp.net/privkey.pem >> SSLCertificateChainFile = /usr/local/etc/dehydrated/certs/covisp.net/chain.pem >> SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 >> SSLHonorCipherOrder on >> # I am not sure this is needed or best for TLSv1.2, but it works = for us >> SSLCipherSuite = ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:D= H+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS >> Header always set Strict-Transport-Security "max-age=3D15638400; = includeSubdomains;" >> </VirtualHost> =20 >>=20 > The documentation of apache states that SSLCertificateChainFile is > deprecated and SSLCertificateFile will handle your cert and chain in = one > file. See apache docs > = http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainf= ile > I do not think this helps with your problem but it is cleaner to not = use > deprecated configs. I am not the OP with the problem, I was just sharing the configuration = that I have that works. it looks like I should change that to=20 SSLCertificateFile /usr/local/etc/dehydrated/certs/covisp.net/chain.pem I'll give that a try next time I'm editing configs. --=20 Don't congratulate yourself too much, or berate yourself either. You choices are half chance; so are everybody else's.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?EDE9C7CD-FCEA-4FF9-B966-F785753E4947>