Alas, this is only for a specific domain name, such as
app.project.org
, rather than for a wildcard domain, such as *.project.org
, and at this stage, I'm not entirely sure if the certificate is also renewable for free after one year. But at least, this now allows me to offer access to Rufus from https://rufus.akeo.ie.Oh, and once your site is set for SSL, you probably want to ensure that it is properly configured by running it through Qualys SSL Labs' excellent SSL analysis tool.
And I'm just going to jolt down that, to get a proper grade with Apache, you may have to edit your
/etc/apache2/mods-enabled/ssl.conf
and set the following:SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
No comments:
Post a Comment