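| Step 1: Generate the server's RSA private key, then remove group and world access to it:
/usr/bin/openssl genrsa 1024 > /etc/httpd/conf/ssl.key/server.swamp.key
chmod go-rwx /etc/httpd/conf/ssl.key/server.swamp.key
Note: a 1024-bit RSA key is too short by current standards; on any current system give genrsa 2048 or more. The key is written unencrypted and is created with the shell's umask before chmod runs, so set `umask 077` first.
Step 2: Create a self-signed certificate for that key, valid for 365 days (clients will warn about it until they are told to trust it):
/usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.swamp.key -x509 -days 365 -out /etc/httpd/conf/ssl.crt/server.swamp.crt
Step 3: Edit the mod_ssl configuration so that it reads as follows:
cd /etc/httpd/conf.d/
pico -w ssl.conf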
# Global mod_ssl settings: these apply to every SSL virtual host on the server.
# Load mod_ssl and accept connections on the standard HTTPS port.
LoadModule ssl_module modules/mod_ssl.so
Listen 443
# MIME types for downloadable CA certificates and certificate revocation lists.
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# "builtin" asks for the key passphrase on the terminal at startup when the
# private key is encrypted. The key from Step 1 is generated without a
# passphrase, so its file permissions are its only protection.
SSLPassPhraseDialog builtin
# Inter-process SSL session cache in a DBM file; entries expire after 300 seconds.
SSLSessionCache dbm:/var/cache/mod_ssl/scache
SSLSessionCacheTimeout 300
# Lock file used to serialise mod_ssl operations between server processes.
# NOTE(review): SSLMutex is the Apache 2.0/2.2 directive; Apache 2.4 replaced
# it with the generic Mutex directive.
SSLMutex file:logs/ssl_mutex
# Seed OpenSSL's PRNG at server startup and again on each new connection.
# NOTE(review): the mod_ssl documentation describes "builtin" as a weak entropy
# source, especially at startup. The commented /dev/urandom lines below are the
# stronger choice where that device exists; /dev/random can block when the
# kernel entropy pool is low.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
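# HTTPS virtual host for www.swamp.net.
# XXX.XXX.XXX.XXX is a placeholder for the address the site listens on.
<VirtualHost XXX.XXX.XXX.XXX:443>
    DocumentRoot "/home/swamp/www"
    ServerName www.swamp.net:443
    ServerAdmin admin@swamp.net

    # Per-site logs.
    # NOTE(review): these live under a user's home directory. httpd opens its
    # log files as root, so /home/swamp/logs should be writable by root only.
    ErrorLog /home/swamp/logs/ssl_error_log
    TransferLog /home/swamp/logs/ssl_access_log

    SSLEngine on

    # SSL Protocols:
    # SSLv2 and SSLv3 are broken at the protocol level; offer TLS only.
    # Where the httpd/OpenSSL build supports TLSv1.2, restrict further to that.
    SSLProtocol all -SSLv2 -SSLv3

    # SSL Cipher Suite:
    # Strong ciphers only. Anonymous (no server authentication) and NULL
    # (no encryption) suites are excluded explicitly, along with MD5 and RC4.
    # Export-grade, LOW and SSLv2 suites are not part of HIGH and so are never
    # offered.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4

    # Server Certificate:
    # The self-signed certificate created in Step 2.
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.swamp.crt
    #SSLCertificateFile /etc/httpd/conf/ssl.crt/server-dsa.crt

    # Server Private Key:
    # Stored unencrypted; keep this file readable by root only.
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.swamp.key
    #SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server-dsa.key

    # Server Certificate Chain:
    # Only needed for a CA-issued certificate with intermediates.
    #SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt

    # Certificate Authority (CA):
    # CA certificates used to verify client certificates (client auth only).
    #SSLCACertificatePath /etc/httpd/conf/ssl.crt
    #SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt

    # Certificate Revocation Lists (CRL):
    #SSLCARevocationPath /etc/httpd/conf/ssl.crl
    #SSLCARevocationFile /etc/httpd/conf/ssl.crl/ca-bundle.crl

    # Client Authentication (Type):
    # Disabled: clients are not asked for a certificate.
    #SSLVerifyClient require
    #SSLVerifyDepth 10

    # Export the standard SSL_* environment variables, but only to scripts,
    # because building them for every request costs time.
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/home/swamp/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    # SSL Protocol Adjustments:
    # Workaround for Internet Explorer's SSL handling: no keep-alive, tolerate
    # a missing close_notify on shutdown, and fall back to HTTP/1.0.
    SetEnvIf User-Agent ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0

    # Per-Server Logging:
    # The home of a custom SSL log file. Use this when you want a
    # compact non-error SSL logfile on a virtual host basis.
    # Each line records the negotiated protocol and cipher, which makes it
    # easy to spot clients that still connect with weak parameters.
    CustomLog logs/ssl_request_log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>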
Step 4: /etc/init.d/httpd restart |