ServerName test.cacert.org ServerAlias www.test.cacert.org DocumentRoot /www/www ScriptAlias /cgi-bin/ /www/cgi-bin/ Redirect permanent /revoke.crl http://crl.cacert.org/revoke.crl Redirect permanent /class3-revoke.crl http://crl.cacert.org/class3-revoke.crl RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] AddDefaultCharset utf-8 ServerName test.cacert.org ServerAlias www.test.cacert.org DocumentRoot /www/www SSLEngine on SSLStrictSNIVHostCheck on SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL SSLCertificateFile /etc/ssl/certs/test.cacert.org.crt SSLCertificateKeyFile /etc/ssl/private/test.cacert.org.pem SSLCACertificateFile /etc/ssl/certs/combined.crt Header always set Strict-Transport-Security "max-age=31536000" ScriptAlias /cgi-bin/ /www/cgi-bin/ Redirect permanent /revoke.crl http://crl.cacert.org/revoke.crl Redirect permanent /class3-revoke.crl http://crl.cacert.org/class3-revoke.crl RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] AddDefaultCharset utf-8 ServerName secure.test.cacert.org ServerAlias secure.test.cacert.org DocumentRoot /www/www SSLEngine on SSLStrictSNIVHostCheck on SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL SSLCertificateFile /etc/ssl/certs/secure.crt SSLCertificateKeyFile /etc/ssl/private/secure_test_cacert_org.pem SSLVerifyClient require SSLVerifyDepth 2 SSLCACertificateFile /etc/ssl/certs/combined.crt #SSLCARevocationFile /etc/ssl/crls/cacert-combined.crl #SSLOCSPEnable on #SSLOCSPDefaultResponder http://ocsp.cacert.org/ SSLOptions +StdEnvVars Header always set Strict-Transport-Security "max-age=31536000" Redirect permanent /revoke.crl http://crl.cacert.org/revoke.crl Redirect permanent /class3-revoke.crl http://crl.cacert.org/class3-revoke.crl RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] AddDefaultCharset utf-8