Apache 配置SSL

SSLEngine on
SSLProtocol all -SSLv2 //只允许SSLv3和TLSv1,SSLv2有缺陷禁止掉
SSLCipherSuite RSA:DH:DSS:!EXP:!NULL:!ADH:!EDH:!LOW:!RC4:!MD5:HIGH:MEDIUM //最终的结果就是Key Exchange=RSA/DH,Authentication=RSA/DSS,Cipher Encoding=AES(128/256)/3DES(168),MAC Digest=SHA1
SSLCertificateFile /etc/ssl/certs/nnlm.cer //CA颁发的证书
SSLCertificateKeyFile /etc/ssl/private/nnlm.key //证书的私钥
SSLCertificateChainFile /etc/ssl/certs/chain.cer //证书链,所有的证书链全部写到一个文件里面