Kapitel 10: SSL/TLS

conf/kapitel/kapitel_10.conf

@@ -0,0 +1,62 @@
+##### Kapitel 10 - SSL
+
+LoadModule ssl_module modules/mod_ssl.so
+Include conf/extra/httpd-ssl.conf
+
+# Für dehydrated, aus Debian-Package "dehydrated-apache2"
+Include /etc/apache2/conf-available/dehydrated.conf
+
+### SSL-Protokoll/-Cipher Log-File-Format
+LogFormat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" ssl_info
+LogFormat "%t %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%{User-Agent}i\" %h \"%r\" %b" ssl_agentinfo
+LogFormat "%{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%{User-Agent}i\"" ssl_browser
+
+### IP-based SSL-VHost
+
+<VirtualHost 172.31.31.101:443>
+	SSLEngine On
+	SSLCertificateFile "/usr/local/apache2/conf/ssl/ipbased.sv.crt"
+	SSLCertificateKeyFile "/usr/local/apache2/conf/ssl/ipbased.sv.key"
+	# SSLCertificateChainFile "/usr/local/apache2/conf/ssl/interm.crt"
+
+	DocumentRoot /usr/local/apache2/htdocs-ipbased.sv
+	ServerName ipbased.sv
+	CustomLog logs/SSL_ipbased-access.log combined
+	ErrorLog logs/SSL_ipbased-error.log
+
+	CustomLog logs/ipbased.sv_ssl.log ssl_browser
+	CustomLog logs/ipbased.sv_ssl_agent.log ssl_agentinfo
+
+	SSLCACertificateFile CA/cacert.pem
+	<Location /sslclient/>
+		SSLVerifyClient require
+		SSLVerifyDepth  1
+	</Location>
+</VirtualHost>
+
+### Name-based SSL-VHosts
+
+<VirtualHost 172.31.31.102:443>
+	SSLEngine On
+	SSLCertificateFile /usr/local/apache2/conf/ssl/firma1.sv.crt
+	SSLCertificateKeyFile /usr/local/apache2/conf/ssl/firma1.sv.key
+
+	DocumentRoot /usr/local/apache2/htdocs-firma1.sv
+	ServerName firma1.sv
+	ServerAlias *.firma1.sv
+	CustomLog logs/firma1-access.log combined
+	ErrorLog logs/firma1-error.log
+</VirtualHost>
+
+<VirtualHost 172.31.31.102:443>
+	SSLEngine On
+	SSLCertificateFile /usr/local/apache2/conf/ssl/firma2.sv.crt
+	SSLCertificateKeyFile /usr/local/apache2/conf/ssl/firma2.sv.key
+
+	DocumentRoot /usr/local/apache2/htdocs-firma2.sv
+	ServerName firma2.sv
+	ServerAlias *.firma2.sv
+	CustomLog logs/firma2-access.log combined
+	ErrorLog logs/firma2-error.log
+</VirtualHost>
+