Date: Tue, 3 Apr 2018 20:32:31 +0200 From: Johan Hendriks <joh.hendriks@gmail.com> To: "@lbutlr" <kremels@kreme.com> Cc: freebsd-questions@freebsd.org Subject: Re: I broke my Apache 2.4 install and I need help! Message-ID: <458eb0bf-dbd8-01c2-4eac-96546e61dec1@gmail.com> In-Reply-To: <22AED507-651D-4FF5-9D3F-73F41F57AC24@kreme.com> References: <CAFsnNZLHzAsNfYD2H1qsgHEZZz0uFRhTomDi0uWg5ee-93PqAw@mail.gmail.com> <20180402204202.GA3145@gmail.com> <CAFsnNZKjovHMGf4%2BkSBxq8h=siLvbsNg5LNs8nCcB24wRGNpqA@mail.gmail.com> <20180402213311.GB3145@gmail.com> <CAFsnNZLyLEUHxX8pu9AuT0kaeOnPo8JdG-Ctge92OLBC0H60yw@mail.gmail.com> <CALeGphxZ7-HyZXuzsyHXHrdJ6SY8BLUvbR6ot_3igDtWEUTfQA@mail.gmail.com> <CAFsnNZKP7W5rYoW11N-Qh-vWyH_QZ2eKK=R1PLbXPLECShxH1w@mail.gmail.com> <CALeGphy1qSVfcKbTCeRh_k4mUGhOGeEDd7xn49JNN9rpdpHxtA@mail.gmail.com> <CAFsnNZJtNYqdbFzBkK7d8zbWS1B_xkKkPGOvqDjE%2BSUcxD2pYw@mail.gmail.com> <22AED507-651D-4FF5-9D3F-73F41F57AC24@kreme.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Op 03/04/2018 om 00:56 schreef @lbutlr: > On 2018-04-02 (16:40 MDT), William Dudley <wfdudley@gmail.com> wrote: >> I've managed to get my apache install working without any SSL stuff >> running. That's progress. > This is what a virtual host looks like for me in apache24. I never put any hosts into http.conf other than a base name that is actually unused for web access. Everything is in user/name.conf or extras/httpd-vhosts.conf > > <VirtualHost *:443> > ServerName oursite.example.net > DocumentRoot /usr/local/www/oursite > SSLEngine on > SSLCertificateFile /usr/local/etc/dehydrated/certs/covisp.net/cert.pem > SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/covisp.net/privkey.pem > SSLCertificateChainFile /usr/local/etc/dehydrated/certs/covisp.net/chain.pem > SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 > SSLHonorCipherOrder on > # I am not sure this is needed or best for TLSv1.2, but it works for us > SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS > Header always set Strict-Transport-Security "max-age=15638400; includeSubdomains;" > </VirtualHost> > The documentation of apache states that SSLCertificateChainFile is deprecated and SSLCertificateFile will handle your cert and chain in one file. See apache docs http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile I do not think this helps with your problem but it is cleaner to not use deprecated configs. regards Johan Hendriks
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?458eb0bf-dbd8-01c2-4eac-96546e61dec1>