2020-12-20 14:52:15 +01:00
|
|
|
<VirtualHost *:80>
|
2020-12-23 07:17:06 +01:00
|
|
|
ServerName www.cacert.localhost
|
2020-12-20 14:52:15 +01:00
|
|
|
DocumentRoot /www/www
|
|
|
|
|
|
|
|
|
|
ScriptAlias /cgi-bin/ /www/cgi-bin/
|
2020-12-20 15:28:19 +01:00
|
|
|
Redirect permanent /revoke.crl http://crl.cacert.localhost/revoke.crl
|
|
|
|
|
Redirect permanent /class3-revoke.crl http://crl.cacert.localhost/class3-revoke.crl
|
2020-12-20 14:52:15 +01:00
|
|
|
RewriteEngine On
|
|
|
|
|
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
|
|
|
|
|
RewriteRule .* - [F]
|
|
|
|
|
<Directory /www/www/policy>
|
|
|
|
|
AddDefaultCharset utf-8
|
|
|
|
|
</Directory>
|
|
|
|
|
</VirtualHost>
|
|
|
|
|
|
|
|
|
|
<VirtualHost *:443>
|
2020-12-23 07:17:06 +01:00
|
|
|
ServerName www.cacert.localhost
|
2020-12-20 14:52:15 +01:00
|
|
|
DocumentRoot /www/www
|
|
|
|
|
|
|
|
|
|
SSLEngine on
|
|
|
|
|
SSLStrictSNIVHostCheck on
|
|
|
|
|
SSLProtocol all -SSLv2 -SSLv3
|
|
|
|
|
SSLHonorCipherOrder on
|
|
|
|
|
SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
|
2020-12-23 07:17:06 +01:00
|
|
|
SSLCertificateFile /etc/apache2/ssl/certs/www.cacert.localhost.crt.pem
|
|
|
|
|
SSLCertificateKeyFile /etc/apache2/ssl/private/www.cacert.localhost.key.pem
|
2020-12-20 14:52:15 +01:00
|
|
|
|
|
|
|
|
Header always set Strict-Transport-Security "max-age=31536000"
|
|
|
|
|
|
|
|
|
|
ScriptAlias /cgi-bin/ /www/cgi-bin/
|
2020-12-20 15:28:19 +01:00
|
|
|
Redirect permanent /revoke.crl http://crl.cacert.localhost/revoke.crl
|
|
|
|
|
Redirect permanent /class3-revoke.crl http://crl.cacert.localhost/class3-revoke.crl
|
2020-12-20 14:52:15 +01:00
|
|
|
RewriteEngine On
|
|
|
|
|
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
|
|
|
|
|
RewriteRule .* - [F]
|
|
|
|
|
<Directory /www/www/policy>
|
|
|
|
|
AddDefaultCharset utf-8
|
|
|
|
|
</Directory>
|
|
|
|
|
</VirtualHost>
|
|
|
|
|
|
|
|
|
|
<VirtualHost *:443>
|
2020-12-23 07:17:06 +01:00
|
|
|
ServerName secure.cacert.localhost
|
2020-12-20 14:52:15 +01:00
|
|
|
DocumentRoot /www/www
|
|
|
|
|
|
|
|
|
|
SSLEngine on
|
|
|
|
|
SSLStrictSNIVHostCheck on
|
|
|
|
|
SSLProtocol all -SSLv2 -SSLv3
|
|
|
|
|
SSLHonorCipherOrder on
|
|
|
|
|
SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
|
2020-12-23 07:17:06 +01:00
|
|
|
SSLCertificateFile /etc/apache2/ssl/certs/www.cacert.localhost.crt.pem
|
|
|
|
|
SSLCertificateKeyFile /etc/apache2/ssl/private/www.cacert.localhost.key.pem
|
2020-12-22 15:51:13 +01:00
|
|
|
|
2020-12-20 14:52:15 +01:00
|
|
|
SSLVerifyClient require
|
|
|
|
|
SSLVerifyDepth 2
|
2020-12-22 15:51:13 +01:00
|
|
|
SSLCACertificateFile /etc/ssl/apache2/certs/combined.crt
|
2020-12-20 14:52:15 +01:00
|
|
|
#SSLCARevocationFile /etc/ssl/crls/cacert-combined.crl
|
|
|
|
|
#SSLOCSPEnable on
|
2020-12-20 15:28:19 +01:00
|
|
|
#SSLOCSPDefaultResponder http://ocsp.cacert.localhost/
|
2020-12-20 14:52:15 +01:00
|
|
|
SSLOptions +StdEnvVars
|
|
|
|
|
|
|
|
|
|
Header always set Strict-Transport-Security "max-age=31536000"
|
|
|
|
|
|
2020-12-20 15:28:19 +01:00
|
|
|
Redirect permanent /revoke.crl http://crl.cacert.localhost/revoke.crl
|
|
|
|
|
Redirect permanent /class3-revoke.crl http://crl.cacert.localhost/class3-revoke.crl
|
2020-12-20 14:52:15 +01:00
|
|
|
RewriteEngine On
|
|
|
|
|
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
|
|
|
|
|
RewriteRule .* - [F]
|
|
|
|
|
<Directory /www/www/policy>
|
|
|
|
|
AddDefaultCharset utf-8
|
|
|
|
|
</Directory>
|
|
|
|
|
</VirtualHost>
|
