LoadModule gnutls_module modules/mod_gnutls.so
GnuTLSCache dbm "/var/cache/mod_gnutls"
GnuTLSCacheTimeout 300
GnuTLSPriorities @SYSTEM
Listen 443
<VirtualHost _default_:443>
# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html"
#ServerName www.example.com:443
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
# Enable GnuTLS for this virtual host
GnuTLSEnable on
# Enable Session Tickets for the server
#GnuTLSSessionTickets on
# Set the certificate and private key files. These can
# also be PKCS #11 URLs.
#GnuTLSCertificateFile /etc/pki/httpd/public/server.crt
#GnuTLSKeyFile /etc/pki/httpd/private/server.key
# These can also be PKCS #11 URLs. Note: SELinux denies
# access to the HSM.
#GnuTLSCertificateFile "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1fd5a8f7cc3ec73b;token=soft%20token;id=%46%3a%3f%03%18%46%22%a9%71%64%3f%60%ac%cd%fc%1f%88%c7%b6%31;object=server-soft;type=cert"
#GnuTLSKeyFile "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f0490bea351ba5b1;token=System%20softtoken;id=%00%01%02%03%04%05;object=server-key;type=private;pin-value=2092"
# Set `GnuTLSPIN` if the key file is encrypted. The PIN is stored here in
# clear text, so restrict read access to this file.
#GnuTLSPIN 1234
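# Client certificate verification. The `ignore` setting below does not
# verify client certificates; use `request` or `require` to enable it.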
# GnuTLSClientVerify [ignore|request|require]
GnuTLSClientVerify ignore
# Set the allowed ciphers, key exchange algorithms, MACs and compression
# methods
#GnuTLSPriorities @SYSTEM
#GnuTLSPriorities PERFORMANCE
# For PKCS #11 support
# Load a PKCS #11 module in addition to those registered with p11-kit.
#GnuTLSP11Module PATH_TO_LIBRARY
</VirtualHost>