Introduction
This is a very quick guide by Peter Caffin on settings used to get your external website certificates working with mod_ssl for Apache. It was written one day when I got annoyed with the lack of clear and consise documentation for what is basically one of the most common SSL website related tasks. It was created on 20020701.
httpd.conf
First, make sure you're loading the right module. Using both libssl.so and mod_ssl.so doesn't work.
# LoadModule apache_ssl_module /usr/lib/apache/1.3/libssl.so LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so
Now, ensure that your server name matches the name you've registered on your site certificate.
ServerName www.yourhostname.com
Now for the gory bits...
SSLEngine on SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL # SSLRequiredCiphers RC4-MD5:RC4-SHA:IDEA-CBC-MD5:DES-CBC3-SHA SSLCertificateFile /etc/apache-ssl/conf/ssl.cert/www.yourhostname.com.crt SSLCertificateKeyFile /etc/apache-ssl/conf/ssl.key/www.yourhostname.com.key SSLCertificateChainFile /etc/apache-ssl/conf/ssl.ca/ssl.ca SSLCACertificatePath /etc/apache/ssl.crt SSLCACertificateFile /etc/apache/ssl.crt/ca-bundle.crt # SSLCacheServerPort 44366 # SSLCacheServerPort /var/run/gcache_port # SSLCacheServerPath /usr/lib/apache-ssl/gcache # SSLSessionCacheTimeout 3600 SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown SSLVerifyClient 0 SSLVerifyDepth 10
Okay, that's the basics. This document doesn't cover advanced topics. But, hopefully this provides enough of the basics to get you started.