1, for a free ssl certificate
On freessl can apply for free, follow the prompts.
2, upload the certificate to the server.
3, the configuration apache: directly on the code can be changed about the inside of the three paths.
<VirtualHost *:443> DocumentRoot /var/www/xxx ServerName xxx.xxx.com ServerAlias xxx.xxx.com ErrorLog "/var/log/httpd/xxx-error.log" CustomLog "/var/log/httpd/xxx.log" common SSLEngine on SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLCertificateChainFile /etc/ssl/xxx/full_chain_rsa.crt SSLCertificateFile /etc/ssl/xxx/cert.pem SSLCertificateKeyFile /etc/ssl/xxx/key.pem SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256: ECDHE: ECDH: AES: HIGH:! Null:! Anull:! MD5:! LOVE:! RC4:! DH :! GOD SSLHonorCipherOrder from </ VirtualHost>
Explanation:
(1)SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
Disable unsafe protocols -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
(2)SSLCertificateChainFile /etc/ssl/xxx/full_chain_rsa.crt
Certificate chain file, if not configured this one, in some browsers can open the site, but in some payment requirements more stringent occasions, may report a failure.
3, restart apache
service httpd restart
It provides two useful test site ssl site configuration