
Sample ssl.conf for Apache 2.2

Posted at 2017-07-01

Overview

A configuration that keeps compatibility with reasonably old browsers while still earning an A+ rating on the Qualys SSL Labs SSL Server Test.
It targets CentOS 6. On CentOS 5 it does not work because of the OpenSSL version, and on CentOS 7 it does not work either, because httpd 2.4 uses a partly different configuration syntax.

Configuration

/etc/httpd/conf.d/ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

# Disable SSLv2 and SSLv3 so only TLS 1.0 and newer are offered
SSLProtocol All -SSLv2 -SSLv3
# The server's cipher order wins over the client's preference
SSLHonorCipherOrder On
# Drop export, RC4, MD5, anonymous, null, PSK, SRP, DSS, Kerberos and LOW ciphers;
# "+3DES" keeps 3DES but moves it to the end of the list for old clients only
# (the keyword is KRB5; the original "KRBS" was a typo)
SSLCipherSuite ALL:!EXP:!SSLv2:!RC4:!MD5:+3DES:!ADH:!aNULL:!eNULL:!PSK:!SRP:!DSS:!KRB5:!LOW:+HIGH:+MEDIUM:EDH+HIGH

# HSTS for 180 days (15552000 seconds)
Header add Strict-Transport-Security "max-age=15552000"

SSLPassPhraseDialog  builtin

# Session cache shared between worker processes
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300

# Apache 2.2 only; this directive no longer exists in 2.4
SSLMutex default

SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin

SSLCryptoDevice builtin

# Apache 2.2 only; not needed in 2.4
NameVirtualHost *:443

<VirtualHost *:443>
  ServerName hoge.domain
  DocumentRoot /var/www/html/
  TransferLog logs/ssl_access_log
  ErrorLog logs/ssl_error_log
  LogLevel warn

  SSLEngine on
  SSLCertificateFile /path/to/certs/server.crt
  SSLCertificateKeyFile /path/to/certs/server.key
  SSLCertificateChainFile /path/to/certs/server-chain.crt
</VirtualHost>