4 ## All SSL configuration in this context applies both to
5 ## the main server and all SSL-enabled virtual hosts.
8 # These are the configuration directives to instruct the server how to
9 # serve pages over an https connection. For detailing information about these
10 # directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
12 # Do NOT simply read the instructions in here without understanding
13 # what they do. They're here only as hints or reminders. If you are unsure
14 # consult the online docs. You have been warned.
16 # This global SSL configuration is ignored if
17 # "SSL" is not defined, or if "NOSSL" is defined.
23 # Some MIME-types for downloading Certificates and CRLs
25 AddType application/x-x509-ca-cert .crt
26 AddType application/x-pkcs7-crl .crl
29 # Configure the pass phrase gathering process.
30 # The filtering dialog program (`builtin' is a internal
31 # terminal dialog) has to provide the pass phrase on stdout.
32 SSLPassPhraseDialog builtin
34 # Inter-Process Session Cache:
35 # Configure the SSL Session Cache: First the mechanism
36 # to use and second the expiring timeout (in seconds).
37 # shm means the same as shmht.
38 # Note that on most platforms shared memory segments are not allowed to be on
39 # network-mounted drives, so in that case you need to use the dbm method.
41 #SSLSessionCache dbm:/var/log/httpd/ssl_scache
42 #SSLSessionCache shmht:/var/log/httpd/ssl_scache(512000)
43 SSLSessionCache shmcb:/var/log/httpd/ssl_scache(512000)
44 SSLSessionCacheTimeout 900
47 # Configure the path to the mutual exclusion semaphore the
48 # SSL engine uses internally for inter-process synchronization.
49 SSLMutex file:/var/log/httpd/ssl_mutex
51 # Pseudo Random Number Generator (PRNG):
52 # Configure one or more sources to seed the PRNG of the
53 # SSL library. The seed data should be of good random quality.
54 # WARNING! On some platforms /dev/random blocks if not enough entropy
55 # is available. This means you then cannot use the /dev/random device
56 # because it would lead to very long connection times (as long as
57 # it requires to make more entropy available). But usually those
58 # platforms additionally provide a /dev/urandom device which doesn't
59 # block. So, if available, use this one instead. Read the mod_ssl User
60 # Manual for more details.
61 SSLRandomSeed startup builtin
62 SSLRandomSeed connect builtin
64 SSLLog /var/log/httpd/ssl_engine_log