Versions Compared

Old Version 5

changes.mady.by.user Robert A Basch

Saved on

compared with

New Version 6

changes.mady.by.user Robert A Basch

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • In /etc/httpd/conf.d/ssl.conf, set the SSLRandomSeed options:
    No Format
    SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024
    within the VirtualHost block, set the ServerName:
    No Format
    ServerName idp.mit.edu:443
    set the SSL cipher suite:
    No Format
    SSLCipherSuite HIGH:MEDIUM:EXP:!aNULL:!SSLv2:+SHA1:+MD5:+HIGH:+MEDIUM:+EXP
    set Install the server certificate, key, and CA files in /etc/pki/tls/certs/ and /etc/pki/tls/private/, as appropriate, and set the paths in ssl.conf:
    No Format
    SSLCertificateFile /etc/pki/tls/certs/idp-staging.mit.edu-cert.pem
SSLCertificateKeyFile /etc/pki/tls/private/idp-staging.mit.edu-key.pem
SSLCertificateChainFile /etc/pki/tls/certs/EquifaxCA.pem
SSLCACertificateFile /etc/pki/tls/certs/mitCAclient.pem
    set the SSL options:
    No Format
    SSLOptions +StrictRequire
    configure custom logging:
    No Format
     CustomLog logs/ssl_request_log \
          "%t %h %{HTTPS}x %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{SSL_CIPHER_USEKEYSIZE}x %{SSL_CLIENT_VERIFY}x \"%r\" %b"
    ensure that all access is via SSL:
    No Format
    <Directory />
    SSLRequireSSL
</Directory>
    ensure that all rewrite rules are inherited:
    No Format
    RewriteEngine On
RewriteOptions inherit

...