2024-10/conf/kapitel/kapitel_10.conf

##### Kapitel 10 - SSL

LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

# Für dehydrated, aus Debian-Package "dehydrated-apache2"
Include /etc/apache2/conf-available/dehydrated.conf

### SSL-Protokoll/-Cipher Log-File-Format
LogFormat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" ssl_info
LogFormat "%t %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%{User-Agent}i\" %h \"%r\" %b" ssl_agentinfo
LogFormat "%{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%{User-Agent}i\"" ssl_browser

### IP-based SSL-VHost

<VirtualHost 172.31.31.101:443>
	SSLEngine On
	SSLCertificateFile "/usr/local/apache2/conf/ssl/ipbased.sv.crt"
	SSLCertificateKeyFile "/usr/local/apache2/conf/ssl/ipbased.sv.key"
	# SSLCertificateChainFile "/usr/local/apache2/conf/ssl/interm.crt"

	DocumentRoot /usr/local/apache2/htdocs-ipbased.sv
	ServerName ipbased.sv
	CustomLog logs/SSL_ipbased-access.log combined
	ErrorLog logs/SSL_ipbased-error.log

	CustomLog logs/ipbased.sv_ssl.log ssl_browser
	CustomLog logs/ipbased.sv_ssl_agent.log ssl_agentinfo

	SSLCACertificateFile CA/cacert.pem
	<Location /sslclient/>
		SSLVerifyClient require
		SSLVerifyDepth  1
	</Location>
</VirtualHost>

### Name-based SSL-VHosts

<VirtualHost 172.31.31.102:443>
	SSLEngine On
	SSLCertificateFile /usr/local/apache2/conf/ssl/firma1.sv.crt
	SSLCertificateKeyFile /usr/local/apache2/conf/ssl/firma1.sv.key

	DocumentRoot /usr/local/apache2/htdocs-firma1.sv
	ServerName firma1.sv
	ServerAlias *.firma1.sv
	CustomLog logs/firma1-access.log combined
	ErrorLog logs/firma1-error.log
</VirtualHost>

<VirtualHost 172.31.31.102:443>
	SSLEngine On
	SSLCertificateFile /usr/local/apache2/conf/ssl/firma2.sv.crt
	SSLCertificateKeyFile /usr/local/apache2/conf/ssl/firma2.sv.key

	DocumentRoot /usr/local/apache2/htdocs-firma2.sv
	ServerName firma2.sv
	ServerAlias *.firma2.sv
	CustomLog logs/firma2-access.log combined
	ErrorLog logs/firma2-error.log
</VirtualHost>