HTTPS SSL Apache2 Tomcat6 JDK1.6

HTTP default port: 80. HTTPS default port: 443.

Apache2.2
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /.../secure.crt
SSLCertificateKeyFile /.../secure.key

#CA certificate
#Intermediate SSL Certificate, Chained SSL Certificate
#e.g: https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actp=CROSSLINK&id=SO15464
SSLCACertificateFile /.../ca-certificates.crt



#proxy_ajp
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/

</VirtualHost>

#disable warning ...127.0.1.1
ServerName localhost
/usr/sbin/apache2ctl -v



Tomcat6:
http://www.tomcatexpert.com/knowledge-base/using-openssl-configure-ssl-certificates-tomcat
http://www.software.co.il/case-studies/265-ssl-and-certificate-how-to-apache-22-and-tomcat-6-ubuntu-1004-1010-1104.html

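With a wildcard SSL certificate for subdomains, you can deploy multiple HTTPS subdomains on a single IP address.
A UCC (Unified Communications Certificate) lets one certificate match multiple sites at the same time, and these can be entirely different domain names.
SNI (Server Name Indication) allows multiple certificates to be installed for multiple domain names on a single IP address.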
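
The name-matching rules behind the three notes above, as an added example that is not part of the original post: a simplified RFC 6125-style matcher showing which host names a wildcard certificate and a multi-name (UCC) certificate cover, and how the SNI name picks between them. The host names, certificate file names and the helpers `san_matches` and `select_certificate` are hypothetical.

```python
from typing import Dict, List, Optional

# Added example. Assumption: simplified RFC 6125 matching, where "*" is only
# valid as the entire left-most label and stands for exactly one label.


def san_matches(pattern: str, host: str) -> bool:
    """Return True if one SAN dNSName entry covers the requested host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # a wildcard never spans more or fewer labels
    if p[0] == "*":
        # Require two literal labels after the wildcard, so "*.com" is rejected.
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial wildcards such as "f*.example.com" are rejected outright.
    return "*" not in pattern and p == h


def select_certificate(sni_name: str, certs: Dict[str, List[str]]) -> Optional[str]:
    """Model SNI selection: first certificate whose SAN list covers the name."""
    for cert_name, sans in certs.items():
        if any(san_matches(s, sni_name) for s in sans):
            return cert_name
    return None  # no certificate covers this name: the client sees a mismatch


# Constructed sample data (hypothetical names, not from the original page).
CERTS = {
    "wildcard.crt": ["*.example.com"],                                  # wildcard
    "ucc.crt": ["example.com", "www.example.org", "mail.example.net"],  # UCC
}

if __name__ == "__main__":
    for name in ["shop.example.com", "example.com", "a.b.example.com",
                 "www.example.org", "other.test"]:
        print(f"{name:20} -> {select_certificate(name, CERTS)}")
```

The bare domain and deeper subdomains are not covered by `*.example.com`, so they need their own SAN entry or a separate certificate.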

Disable Weak Ciphers

SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH

https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls
https://www.ssllabs.com/ssldb/analyze.html?d=YourDomain


Reposted from blog.csdn.net/weixin_43956493/article/details/84822221