# # This is the Apache server configuration file providing SSL support. # It contains the configuration directives to instruct the server how to # serve pages over an https connection. For detailed information about these # directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html> # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # # Required modules: mod_log_config, mod_setenvif, mod_ssl, # socache_shmcb_module (for default value of SSLSessionCache)
# # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the SSL library. # The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. # #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed startup file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512
# # When we also provide SSL we have to listen to the # standard HTTP port (see above) and to the HTTPS port # Listen 443
# SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# Speed-optimized SSL Cipher configuration: # If speed is your main concern (on busy HTTPS servers e.g.), # you might want to force clients to specific, performance # optimized ciphers. In this case, prepend those ciphers # to the SSLCipherSuite list, and enable SSLHonorCipherOrder. # Caveat: by giving precedence to RC4-SHA and AES128-SHA # (as in the example below), most connections will no longer # have perfect forward secrecy - if the server's key is # compromised, captures of past or future traffic must be # considered compromised, too. #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 #SSLHonorCipherOrder on
# Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is an internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog builtin
# Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). #SSLSessionCache "dbm:logs/ssl_scache" SSLSessionCache "shmcb:logs/ssl_scache(512000)" SSLSessionCacheTimeout 300
以下复制我的httpd-ssl.conf文件内容以供您参考修改: # # This is the Apache server configuration file providing SSL support. # It contains the configuration directives to instruct the server how to # serve pages over an https connection. For detailed information about these # directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html> # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # # Required modules: mod_log_config, mod_setenvif, mod_ssl, # socache_shmcb_module (for default value of SSLSessionCache)
# # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the SSL library. # The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. # #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed startup file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512
# # When we also provide SSL we have to listen to the # standard HTTP port (see above) and to the HTTPS port #
# SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# Speed-optimized SSL Cipher configuration: # If speed is your main concern (on busy HTTPS servers e.g.), # you might want to force clients to specific, performance # optimized ciphers. In this case, prepend those ciphers # to the SSLCipherSuite list, and enable SSLHonorCipherOrder. # Caveat: by giving precedence to RC4-SHA and AES128-SHA # (as in the example below), most connections will no longer # have perfect forward secrecy - if the server's key is # compromised, captures of past or future traffic must be # considered compromised, too. #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 #SSLHonorCipherOrder on
# Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is an internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog builtin
# Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). #SSLSessionCache "dbm:logs/ssl_scache" SSLSessionCache "shmcb:logs/ssl_scache(512000)" SSLSessionCacheTimeout 300
NameVirtualHost *:443 SSLStrictSNIVHostCheck off
#第一个子域名www.cuoxin.com主机配置 <VirtualHost _default_:443> DocumentRoot "D:/www/" ServerName www.cuoxin.com:443 ServerAlias www.cuoxin.com ServerAdmin you@example.com SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!aNULL:!eNULL SSLCertificateFile "D:/UPUPW_AP/Apache2/conf/Apache/www.crt" SSLCertificateKeyFile "D:/UPUPW_AP/Apache2/conf/Apache/www.key" SSLCertificateChainFile "D:/UPUPW_AP/Apache2/conf/Apache/root_bundle.crt" <FilesMatch "/.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "D:/www/"> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost> #第二个以down.cuoxin.com的主机配置,注意<VirtualHost *:443>这里与第一个主机不同但是和第三个主机相同。 <VirtualHost *:443> DocumentRoot "D:/down" ServerName down.cuoxin.com:443 ServerAlias down.cuoxin.com ServerAdmin you@example.com SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!aNULL:!eNULL SSLCertificateFile "D:/UPUPW_AP/Apache2/conf/down/down.crt" SSLCertificateKeyFile "D:/UPUPW_AP/Apache2/conf/down/down.key" SSLCertificateChainFile "D:/UPUPW_AP/Apache2/conf/down/root_bundle2.crt" <FilesMatch "/.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "D:/down"> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost> #第三个以bbs.cuoxin.com的主机配置,注意<VirtualHost *:443>这里与第一个主机不同但是和第二个主机相同。 <VirtualHost *:443> DocumentRoot "D:/bbs" ServerName bbs.cuoxin.com:443 ServerAlias bbs.cuoxin.com ServerAdmin you@example.com SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!aNULL:!eNULL SSLCertificateFile "D:/UPUPW_AP/Apache2/conf/bbs/bbs.crt" SSLCertificateKeyFile "D:/UPUPW_AP/Apache2/conf/bbs/bbs.key" SSLCertificateChainFile "D:/UPUPW_AP/Apache2/conf/bbs/root_bundle3.crt" <FilesMatch "/.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "D:/bbs"> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost>