Configure SSL

  1. Modify httpd.conf (and ssl.conf if you have one)
  2. Your httpd.conf needs to contain the following lines in the main body:
    Listen your.ip.address:80
    Listen your.ip.address:443
    LoadModule ssl_module modules/
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
  3. You will need at least two virtual hosts - one for port 80 and one for port 443.
  4. Turn SSL off for port 80:
    <VirtualHost *:80>
         SSLEngine off
  5. Make sure you have a virtual host for port 443:
         SSLEngine on
         ErrorLog logs/ssl_error_log
         TransferLog logs/ssl_access_log
         SSLCACertificatePath /full/path/to/TrustedCAs
         SSLCertificateFile /full/path/to/certs/yourserver.cert.cert
         SSLCertificateKeyFile /full/path/to/certs/yourserver.cert.key
         SSLVerifyClient require
         SSLVerifyDepth 2
         SSLOptions +StdEnvVars
         SetEnvIf User-Agent ".*MSIE.*" \
              nokeepalive ssl-unclean-shutdown \
              downgrade-1.0 force-response-1.0
  6. Make sure to require SSL permissions for the appropriate directories
    <Directory "/some/html/dir/secure">
    </Directory >
  7. You will need signed certificates in /full/path/to/certs/

DocDB License