Архів теґу: SSL

Configure Apache for A-rating on SSLLabs

Just add following lines to vhost.conf SSLEngine on SSLProtocol TLSv1.2 TLSv1.1 SSLProxyProtocol TLSv1.2 TLSv1.1 SSLHonorCipherOrder on SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA25

Certificate order in Haproxy PEM file

For SSL in Haproxy you need to create PEM-file and put cert plus private key. But in right order —–BEGIN MY CERTIFICATE—– —–END MY CERTIFICATE—– —–BEGIN INTERMEDIATE CERTIFICATE—– —–END INTERMEDIATE CERTIFICATE—– —–BEGIN INTERMEDIATE CERTIFICATE—– —–END INTERMEDIATE CERTIFICATE—– —–BEGIN ROOT CERTIFICATE—– —–END ROOT CERTIFICATE—– —–BEGIN RSA PRIVATE KEY—– —–END RSA PRIVATE KEY—–