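Requirement: An ASP provider wants to configure a separate HTTPS certificate for each customer domain.
Prerequisites: Apache 2.2.12 or later, using OpenSSL 0.9.8f or later.
Limitations: Browsers must meet the following version requirements (note in particular that no version of IE on Windows XP is supported):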
- Mozilla Firefox 2.0 or later
- Opera 8.0 or later (with TLS 1.1 enabled)
- Internet Explorer 7.0 or later (on Vista, not XP)
- Google Chrome
- Safari 3.2.1 on Mac OS X 10.5.6
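Procedure: Mail2000 V60 ships with Apache 2.2.22 and OpenSSL 0.9.8k by default, so only the relevant settings need to be adjusted.
1. In httpd.conf, enable the line Include conf/extra/m2k_ssl.conf
2. vim /webmail/httpd/conf/extra/m2k_ssl.conf (black text is the original, red text is added, blue text is modified)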
Listen 443
NameVirtualHost *:443
SSLStrictSNIVHostCheck off
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/webmail/httpd/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/webmail/httpd/logs/ssl_mutex"
<VirtualHost *:443>
ServerName linux131.com
DocumentRoot "/webmail/httpd/data"
ServerAdmin adm@mail2000.com.tw
ErrorLog "/webmail/httpd/logs/error_log_ssl"
TransferLog "/webmail/httpd/logs/access_log_ssl"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:-SSLv2:+EXP:+eNULL
SSLCertificateFile "/root/tls.crt"
SSLCertificateKeyFile "/root/tls.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/webmail/httpd/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/webmail/httpd/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
# Copy the VirtualHost block above and adjust it for the second domain
<VirtualHost *:443>
ServerName linux131.com.tw
DocumentRoot "/webmail/httpd/data"
ServerAdmin adm@mail2000.com.tw
ErrorLog "/webmail/httpd/logs/error2_log_ssl"
TransferLog "/webmail/httpd/logs/access2_log_ssl"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:-SSLv2:+EXP:+eNULL
SSLCertificateFile "/root/tls2.crt"
SSLCertificateKeyFile "/root/tls2.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/webmail/httpd/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/webmail/httpd/logs/ssl_request2_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
3. Check the configuration:
# /webmail/httpd/bin/httpd -t
4. Start the server:
# /webmail/httpd/bin/apachectl start or /webmail/httpd/bin/apachectl restart
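
An added example (not part of the original procedure): a shell check to run before step 3 that catches the usual mistake when copying the VirtualHost block, such as a second vhost still pointing at the first certificate, plus a helper that shows which certificate a running server presents for a given SNI name. The function names are hypothetical; the sample config is constructed from the hostnames and paths used above.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.
# Print "ServerName<TAB>cert<TAB>key" for each <VirtualHost ...:443> block in file $1.
list_sni_vhosts() {
    awk '
        function unq(s) { gsub(/"/, "", s); return s }
        { d = tolower($1) }   # directive names are case-insensitive
        d == "<virtualhost" && $2 ~ /:443>$/ { in_vh = 1; name = crt = key = ""; next }
        in_vh && d == "servername"            { name = unq($2) }
        in_vh && d == "sslcertificatefile"    { crt = unq($2) }
        in_vh && d == "sslcertificatekeyfile" { key = unq($2) }
        in_vh && d == "</virtualhost>"        { print name "\t" crt "\t" key; in_vh = 0 }
    ' "$1"
}

# Flag copy-paste mistakes: a missing field, or a ServerName, certificate or key
# used by more than one vhost. Prints one line per problem; non-zero exit if any.
check_sni_vhosts() {
    list_sni_vhosts "$1" | awk -F '\t' '
        $1 == "" || $2 == "" || $3 == "" { print "incomplete vhost: " $0; bad = 1 }
        $1 != "" && n[$1]++ { print "duplicate ServerName: " $1; bad = 1 }
        $2 != "" && c[$2]++ { print "certificate reused: " $2; bad = 1 }
        $3 != "" && k[$3]++ { print "key reused: " $3; bad = 1 }
        END { exit bad + 0 }
    '
}

# Subject of the certificate served to SNI name $2 by host $1 (needs a running server).
served_subject() {
    openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
        openssl x509 -noout -subject
}

# Constructed sample: the copied vhost still points at the first certificate.
sample_conf() {
    printf '%s\n' '<VirtualHost *:443>' 'ServerName linux131.com' \
        'SSLCertificateFile "/root/tls.crt"' 'SSLCertificateKeyFile "/root/tls.key"' \
        '</VirtualHost>' '<VirtualHost *:443>' 'ServerName linux131.com.tw' \
        'SSLCertificateFile "/root/tls.crt"' 'SSLCertificateKeyFile "/root/tls2.key"' \
        '</VirtualHost>'
}

tmp=$(mktemp) && sample_conf > "$tmp"
check_sni_vhosts "$tmp" || echo "fix the entries above before running httpd -t"
rm -f "$tmp"
```

Run check_sni_vhosts against /webmail/httpd/conf/extra/m2k_ssl.conf before step 3. After step 4, served_subject with the SNI name linux131.com.tw should print the subject of tls2.crt rather than that of the first vhost's certificate.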