############################################################################### # Instrukcja pochodzi z http://nnd.freesco.pl # # Aby wygenerowac klucz wpisz: # # openssl genrsa -des3 -rand /etc/random-seed -out /etc/httpd/server.key 2048 # # Po utworzeniu klucza nalezy zabezpieczyc go haslem # # Nastepnie, aby wygenerowac certyfikat na podstawie utworzonego przed chwila # # klucza, wpisz: # # openssl req -new -x509 -days 3650 -key /etc/httpd/server.key -out /etc/httpd/server.crt # Aby usunac haslo z klucza: # # cp /etc/httpd/server.key /etc/httpd/server.key.old # # openssl rsa -in /etc/httpd/server.key.old -out /etc/httpd/server.key # ############################################################################### LoadModule ssl_module /usr/lib/apache/mod_ssl.so Listen 443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin SSLSessionCache dbm:/var/log/httpd/ssl_scache SSLSessionCacheTimeout 300 SSLMutex file:/var/log/httpd/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin DocumentRoot "/home/httpd/html" ServerName localhost:443 ServerAdmin admin@your.address ErrorLog /var/log/httpd/error_log TransferLog /var/log/httpd/access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/httpd/server.crt SSLCertificateKeyFile /etc/httpd/server.key SSLOptions +StdEnvVars SSLOptions +StdEnvVars SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /var/log/httpd/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"