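Requirement: an ASP provider wants to configure a separate HTTPS certificate for each customer domain.

Prerequisites: Apache 2.2.12 or later, built with OpenSSL 0.9.8f or later.

Limitation: only browsers that support SNI will work; the minimum versions are listed below (note in particular that no version of IE on Windows XP supports it).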

  • Mozilla Firefox 2.0 or later
  • Opera 8.0 or later (with TLS 1.1 enabled)
  • Internet Explorer 7.0 or later (on Vista, not XP)
  • Google Chrome
  • Safari 3.2.1 on Mac OS X 10.5.6


Steps: Mail2000 V60 ships with Apache 2.2.22 and OpenSSL 0.9.8k by default, so only the related configuration needs to be adjusted.


1. In httpd.conf, enable the line: Include conf/extra/m2k_ssl.conf

2. vim /webmail/httpd/conf/extra/m2k_ssl.conf (black text is the original, red text is added, blue text is modified)


Listen 443

NameVirtualHost *:443

SSLStrictSNIVHostCheck off
AddType application/x-x509-ca-cert .crt

AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/webmail/httpd/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLMutex  "file:/webmail/httpd/logs/ssl_mutex"


<VirtualHost *:443>

ServerName linux131.com

DocumentRoot "/webmail/httpd/data"

ServerAdmin adm@mail2000.com.tw

ErrorLog "/webmail/httpd/logs/error_log_ssl"

TransferLog "/webmail/httpd/logs/access_log_ssl"


SSLEngine on

# Note: this cipher string still allows LOW and export-grade (EXP) suites.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:-SSLv2:+EXP:+eNULL

SSLCertificateFile "/root/tls.crt"

SSLCertificateKeyFile "/root/tls.key"


<FilesMatch "\.(cgi|shtml|phtml|php)$">    

    SSLOptions +StdEnvVars

</FilesMatch>


<Directory "/webmail/httpd/cgi-bin">    

    SSLOptions +StdEnvVars

</Directory>


BrowserMatch ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0

CustomLog "/webmail/httpd/logs/ssl_request_log" \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


</VirtualHost>


# Copy the VirtualHost block above

<VirtualHost *:443>                                                     

ServerName linux131.com.tw

DocumentRoot "/webmail/httpd/data"

ServerAdmin adm@mail2000.com.tw

ErrorLog "/webmail/httpd/logs/error2_log_ssl"

TransferLog "/webmail/httpd/logs/access2_log_ssl"


SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:-SSLv2:+EXP:+eNULL


SSLCertificateFile "/root/tls2.crt"

SSLCertificateKeyFile "/root/tls2.key"


<FilesMatch "\.(cgi|shtml|phtml|php)$">    

    SSLOptions +StdEnvVars

</FilesMatch>


<Directory "/webmail/httpd/cgi-bin">    

    SSLOptions +StdEnvVars

</Directory>


BrowserMatch ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0

CustomLog "/webmail/httpd/logs/ssl_request2_log" \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>


3. Check the configuration: # /webmail/httpd/bin/httpd -t

4. Start the server: # /webmail/httpd/bin/apachectl start    or    /webmail/httpd/bin/apachectl restart
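
Added example, not part of the original procedure: httpd -t checks syntax, not whether each copied VirtualHost block points at its own certificate, so this script audits the *:443 blocks for a reused certificate path or a duplicate ServerName. The function names and the sample configuration are constructed for illustration; served_subject needs network access to the running server.

```shell
#!/bin/sh
# Added example, not part of the original procedure. Names are hypothetical.
# audit_sni_vhosts FILE ("-" = stdin): print each <VirtualHost ...:443> block
# with its ServerName and certificate; exit non-zero if a problem is found.
audit_sni_vhosts() {
    awk '
    function unq(s) { gsub(/"/, "", s); return s }
    { d = tolower($1) }   # directive names are case-insensitive
    d == "<virtualhost" && $2 ~ /:443>$/ { invh = 1; name = cert = key = ""; start = NR; next }
    invh && d == "servername"            { name = tolower($2) }
    invh && d == "sslcertificatefile"    { cert = unq($2) }
    invh && d == "sslcertificatekeyfile" { key = unq($2) }
    invh && d == "</virtualhost>" {
        invh = 0
        printf "line %d: %s cert=%s key=%s\n", start, name, cert, key
        if (name == "") { print "  PROBLEM: no ServerName"; bad++ }
        else if (seen_name[name]++) { print "  PROBLEM: duplicate ServerName"; bad++ }
        if (cert == "" || key == "") { print "  PROBLEM: missing certificate or key"; bad++ }
        else if (seen_cert[cert]++) { print "  PROBLEM: certificate reused from an earlier block"; bad++ }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# served_subject HOST NAME: subject of the certificate the server presents
# when the client sends NAME via SNI (needs network access to HOST:443).
served_subject() {
    echo | openssl s_client -connect "$1:443" -servername "$2" 2>/dev/null |
        openssl x509 -noout -subject
}

# Constructed sample: the copied block got a new ServerName, but the
# certificate paths still point at the first domain.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:443>
ServerName linux131.com
SSLCertificateFile "/root/tls.crt"
SSLCertificateKeyFile "/root/tls.key"
</VirtualHost>
<VirtualHost *:443>
ServerName linux131.com.tw
SSLCertificateFile "/root/tls.crt"
SSLCertificateKeyFile "/root/tls.key"
</VirtualHost>
EOF
}

sample_conf | audit_sni_vhosts - || echo "fix the blocks flagged above"
```

After the restart in step 4, calling served_subject once per ServerName against the live host shows whether each name is answered with its own certificate.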


Reference: http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI