# Apache-SSL example configuration: an HTTPS main server on port 443 plus a
# plain-HTTP virtual host on port 80. The listing was collapsed onto a single
# line; the directives below are unchanged and only laid out one per line.

# change this in the Global Environment)
# Both ports are opened on every local address (BindAddress *).
Listen 443
Listen 80
BindAddress *
# Account the server processes run as.
User www
Group www

# insert this into the main server section
Port 443
# Do not present a CA list when requesting a client certificate.
SSLNoCAList
# Seed the SSL library's PRNG: SSLRandomFile is read at startup,
# SSLRandomFilePerConnection on each connection; 1024 is the byte count.
# NOTE(review): some Apache-SSL releases expect a source-type keyword
# (file|egd) before the path -- confirm against the installed version.
SSLRandomFile /dev/urandom 1024
SSLRandomFilePerConnection /dev/urandom 1024
SSLEnable
# Global session cache server: executable, rendezvous point and run directory.
# SSLCacheServerPort is given as a filesystem path here, i.e. a Unix domain
# socket rather than a TCP port number.
# NOTE(review): the cache holds TLS session state. The socket sits in /var/log
# and the run directory is /tmp, which is world-writable on typical systems;
# prefer a directory that only the server account can write to -- confirm
# ownership and modes on the target host.
SSLCacheServerPath sbin/gcache
SSLCacheServerPort /var/log/cache_port
SSLCacheServerRunDir /tmp
# Session cache lifetime.
# NOTE(review): presumably seconds; 15 looks like a test value and forces
# frequent full handshakes -- confirm the intended production value.
SSLSessionCacheTimeout 15

# Set the CA certificate verification path (must be PEM encoded).
# (in addition to getenv(SSL_CERT_DIR), I think).
#SSLCACertificatePath /usr/local/certs/ca/

# Set the CA certificate verification file (must be PEM encoded).
# (in addition to getenv(SSL_CERT_FILE), I think).
#SSLCACertificateFile /usr/local/certs/some.CA.cert.pem

# Point SSLCertificateFile at a PEM encoded certificate.
# If the certificate is encrypted, then you will be prompted for a pass phrase.
# Note that a kill -1 will prompt again.
SSLCertificateFile /usr/local/certs/host.cert.cert

# If the key is not combined with the certificate, use this directive to
# point at the key file. If this starts with a '/' it specifies an absolute
# path, otherwise it is relative to the default certificate area. That is, it
# means <default>/private/<keyfile>.
# NOTE(review): the private key should be readable only by the account that
# starts the server (typically root), never by the User/Group set above.
SSLCertificateKeyFile /usr/local/certs/host.cert.key

# Set SSLVerifyClient to:
# 0 if no certificate is required
# 1 if the client may present a valid certificate
# 2 if the client must present a valid certificate
# 3 if the client may present a valid certificate but it is not required to
#   have a valid CA
SSLVerifyClient 0
# How deeply to verify before deciding they don't have a valid certificate
SSLVerifyDepth 10
# Maps the client certificate's subject name to a Basic-auth user name.
# NOTE(review): with SSLVerifyClient 0 no client certificate is requested, so
# this has nothing to map. If client verification is later enabled, avoid
# level 3 together with this directive: a certificate that does not chain to
# a trusted CA carries a self-asserted subject name.
SSLFakeBasicAuth
# Refuses the two no-encryption suites only.
# NOTE(review): this is a deny-list; every other suite the linked SSL library
# offers, including weak or export-grade ones, remains acceptable. Consider an
# explicit allow-list (Apache-SSL's SSLRequiredCiphers) instead.
SSLBanCipher NULL-MD5:NULL-SHA

# Put this into the Virtual Hosts section
# NOTE(review): the two ';' lines below look like residue of the opening and
# closing <VirtualHost ...> container tags lost when the page was extracted;
# restore the real tags (with the site's own address) before using this block.
;
# Plain-HTTP host: SSL is switched off for this container only.
SSLDisable
Port 80
DocumentRoot /usr/local/www/htdocs
ErrorLog /var/log/httpd-error_log
CustomLog /var/log/httpd-access_log combined
;