add minimale directives for apache
This commit is contained in:
parent
77497a2843
commit
26d3d9b3c2
16
HowtoSSL.md
16
HowtoSSL.md
|
@ -55,7 +55,12 @@ Note : sous Debian, pour regénérer le certificat *snakeoil* (certificat autog
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
# make-ssl-cert generate-default-snakeoil --force-overwrite
|
# make-ssl-cert generate-default-snakeoil --force-overwrite
|
||||||
~~~
|
~~~ SSLEngine on
|
||||||
|
SSLCertificateFile /etc/apache2/ssl/secure.crt
|
||||||
|
SSLCertificateKeyFile /etc/apache2/ssl/secure.key
|
||||||
|
|
||||||
|
# On désactive certaines prises en charge de protocole
|
||||||
|
SSLProtocol All -SSLv2 -SSLv3
|
||||||
|
|
||||||
### Générer un certificat multi-domaines avec subjectAltName
|
### Générer un certificat multi-domaines avec subjectAltName
|
||||||
|
|
||||||
|
@ -371,6 +376,15 @@ SSLStaplingCache shmcb:/var/log/apache2/ssl_staplingcache(2048000)
|
||||||
Header always set Strict-Transport-Security "max-age=15552000"
|
Header always set Strict-Transport-Security "max-age=15552000"
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
|
Voici une configuration minimale :
|
||||||
|
|
||||||
|
~~~{.apache}
|
||||||
|
SSLEngine on
|
||||||
|
SSLCertificateFile /etc/ssl/certs/secure.crt
|
||||||
|
SSLCertificateKeyFile /etc/ssl/private/secure.key
|
||||||
|
SSLProtocol All -SSLv2 -SSLv3
|
||||||
|
~~~
|
||||||
|
|
||||||
#### Configuration Nginx
|
#### Configuration Nginx
|
||||||
|
|
||||||
En pratique avec Nginx (sous Debian 8), voici une configuration SSL avancée :
|
En pratique avec Nginx (sous Debian 8), voici une configuration SSL avancée :
|
||||||
|
|
Loading…
Reference in a new issue