Details
Improvement
Resolution: Unresolved
Minor
Description
Benjamin Rappleyea
1 day ago
If "servername" is not being written into ssl-enabled.conf, is there a way to add it so that it will?
Benjamin Rappleyea
1 day ago
# modern configuration, tweak to your needs
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling off
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
Listen 8443 https
<VirtualHost *:8443>
    ServerName example.server.name.edu
    RewriteEngine on
    RewriteRule "^/$" "/grouper/" [R]
    SSLEngine on
    #SSLCertificateChainFile _GROUPER_SSL_CHAIN_FILE_
    SSLCertificateFile /path/to/file.cert
    SSLCertificateKeyFile /path/to/file.key
    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>
Benjamin Rappleyea
4 hours ago
@mchyzer
I discovered a typo in my SSLCertificateKeyFile path that was causing this file to stop the build; however, I am still overlaying the file because the normal process doesn't populate the ServerName in order to give Shib the data it needs.
Chris Hyzer
< 1 minute ago
I don't know when I can get an example for you, but basically I think you need a grouperScriptHooks.sh which runs a sed on the files to change them... is that possible? :slightly_smiling_face:
Chris Hyzer
< 1 minute ago
Maybe we need a built-in for servername too... to make it easier...