Old timer need some help with SSL

Started by Phil P, September 07, 2024, 12:23:29 AM

Phil P

Hello All

I got my CompTIA A+ certification in 2006.

When I was offered a job in the aviation industry that paid considerably more than the IT business, I moved on.

However, to not completely get out of the IT business, I did keep busy part time doing fiber optics networks.

Now at 81 I have started a hobby HTML server based on Apache 2.4.

I now need help establishing an SSL certificate for my 2 web sites.

I am just totally ignorant about how to go about this from the server setup to the final installation of required coding.

Thanks to anyone that may want to help.

John P Paxton

mario

Hi John,
Setting that up isn't hard.

First, global config for SSL.
LoadModule headers_module modules/mod_headers.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

<IfModule mod_headers.c>
#        Header always set Strict-Transport-Security "max-age=15553000;"
#        Header always set Strict-Transport-Security "max-age=1;"
</IfModule>
Listen 443
SSLUseStapling On
SSLSessionCache shmcb:C:/Windows/Temp/ssl_gcache_data(512000)
SSLStaplingCache shmcb:C:/Windows/Temp/ssl_stapling_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384

SSLOpenSSLConfCmd ECDHParameters secp384r1
SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1

SSLOpenSSLConfCmd SignatureAlgorithms rsa_pss_rsae_sha512:rsa_pss_rsae_sha256:ECDSA+SHA512:ECDSA+SHA256:RSA+SHA512:RSA+SHA256
SSLOpenSSLConfCmd ClientSignatureAlgorithms rsa_pss_rsae_sha512:rsa_pss_rsae_sha256:ECDSA+SHA512:ECDSA+SHA256:RSA+SHA512:RSA+SHA256

Then in your vhosts

<VirtualHost *:443>
   ServerName other.example.com

   DirectoryIndex index.php

   <IfModule fcgid_module>
      FcgidInitialEnv PHPRC "C:/php8"
      FcgidInitialEnv PATH "C:\\php8;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;"
      FcgidInitialEnv SystemRoot "C:\\Windows"
      FcgidInitialEnv SystemDrive "C:"
      FcgidInitialEnv TEMP "C:\\WINDOWS\\TEMP"
      FcgidInitialEnv TMP "C:\\WINDOWS\\TEMP"
      FcgidInitialEnv windir "C:\\WINDOWS"
      FcgidPassHeader Authorization
      <Files ~ "\.php$">
         Options Indexes FollowSymLinks ExecCGI
         AddHandler fcgid-script .php
         FcgidWrapper "C:/php8/php-cgi.exe" .php
      </Files>
   </IfModule>

   CustomLog "C:\nul" common

   DocumentRoot "C:/other"
   <Directory "C:/other">
      Options Indexes FollowSymLinks
      AllowOverride None
      Require all granted

      RewriteEngine on
      RewriteBase /
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteRule ^(.*)$ index.php [QSA]
   </Directory>

   SSLEngine on
   SSLCertificateFile conf/certs/internal/fullchain.pem
   SSLCertificateKeyFile conf/certs/internal/privkey.pem

   <Files ~ "\.(cgi|shtml|phtml|php|htm|html?)$">
      SSLOptions +StdEnvVars
   </Files>
</VirtualHost>

If you still have a question, please ask again.
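
A small pre-restart check for the layout in the answer above, added here as an example (it is not part of the original posts): it confirms that every `*:443` vhost carries the three SSL directives and that `SSLProtocol` leaves only TLSv1.2 and TLSv1.3 enabled. The function names, host names and certificate paths are hypothetical, and the sample config is constructed with two deliberate mistakes.

```python
import re

# Constructed sample for a two-site server: the protocol line re-enables TLSv1.1
# and the second vhost has its key file commented out, so both checks fire.
SAMPLE_CONF = """
SSLProtocol -all +TLSv1.1 +TLSv1.2 +TLSv1.3
<VirtualHost *:443>
   ServerName site-one.example.com
   SSLEngine on
   SSLCertificateFile conf/certs/site-one/fullchain.pem
   SSLCertificateKeyFile conf/certs/site-one/privkey.pem
</VirtualHost>
<VirtualHost *:443>
   ServerName site-two.example.com
   SSLEngine on
   SSLCertificateFile conf/certs/site-two/fullchain.pem
   # SSLCertificateKeyFile conf/certs/site-two/privkey.pem
</VirtualHost>
"""
REQUIRED = ("SSLEngine", "SSLCertificateFile", "SSLCertificateKeyFile")
ALL_PROTOCOLS = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
VHOST = re.compile(r"<VirtualHost\s+[^>]*:443\s*>(.*?)</VirtualHost>", re.S | re.I)

def directives(text):
    """Map lower-cased directive name -> arguments, skipping comments and section tags."""
    lines = [ln.strip() for ln in text.splitlines()]
    pairs = (ln.partition(" ") for ln in lines if ln and not ln.startswith(("#", "<")))
    return {name.lower(): args.strip() for name, _, args in pairs}

def enabled_protocols(spec):
    """Apply +/- tokens left to right, the way 'SSLProtocol -all +TLSv1.2' reads."""
    enabled = set()
    for token in spec.lower().split():
        names = ALL_PROTOCOLS if token.lstrip("+-") == "all" else {token.lstrip("+-")}
        enabled = enabled - names if token.startswith("-") else enabled | names
    return enabled

def check_config(text):
    """Return findings; a missing SSLProtocol line is treated as 'all' (assumption)."""
    findings = []
    spec = directives(VHOST.sub("", text)).get("sslprotocol", "all")
    weak = enabled_protocols(spec) - {"tlsv1.2", "tlsv1.3"}
    if weak:
        findings.append("weak protocols enabled: " + ", ".join(sorted(weak)))
    for body in VHOST.findall(text):
        d = directives(body)
        findings += [f"{d.get('servername', '?')}: missing {r}"
                     for r in REQUIRED if r.lower() not in d]
    return findings
```

Apache's own `httpd -t` checks the syntax of the real files; this only checks that the directives this thread relies on are present.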