====== Webserver config ====== For [[rb-projects-webca:webca|Web-based Certificate Authority]]. ===== Ubuntu Apache Config ===== Apache enable site config This config is from Ubuntu sites-available dir (/etc/apache2/sites-available), you will need to enable this with ''a2ensite xxxx-sitename'' root:/opt/webca# cat /etc/apache2/sites-available/webCA ServerAdmin webmaster@localhost ServerName ca.xxxx.int DocumentRoot /opt/webca/webroot/https/ Options FollowSymLinks +Includes AllowOverride None Options Indexes FollowSymLinks MultiViews +Includes AllowOverride None Order allow,deny allow from all DirectoryIndex index.html ScriptAlias /cgi-bin/ /opt/webca/webroot/cgi-bin/ AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all ErrorLog /opt/webca/webroot/logs/webCA-error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /opt/webca/webroot/logs/webCA-access.log combined # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on SSLCertificateFile /opt/webca/ca-xxxx-int.cert SSLCertificateKeyFile /opt/webca/ca-xxxx-int.key #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt #SSLCARevocationPath /etc/apache2/ssl.crl/ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl SSLOptions +StdEnvVars SSLOptions +StdEnvVars BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown root:/opt/webca# ===== Centos Apache config ===== Not uploaded yet, but will be mostly the same, ie. ssl based virtual host with SNI.