Apache HTTP Server/mod_gnutls

From ArchWiki

From mod_gnutls wiki:

mod_gnutls is an extension for Apache's httpd that uses the GnuTLS library to provide HTTPS.
It is similar to mod_ssl in purpose, but it supports some features and protocols that mod_ssl does not, and it does not use OpenSSL.

Installation

Install mod_gnutls, available in the Arch User Repository (AUR).

Configure Apache

Add these lines to /etc/httpd/conf/httpd.conf:

LoadModule gnutls_module modules/mod_gnutls.so
Include conf/extra/httpd-gnutls.conf

Make sure that the following line is commented out in /etc/httpd/conf/httpd.conf:

Include conf/extra/httpd-ssl.conf

Make sure no vhost definitions include mod_ssl.

Create the file /etc/httpd/conf/extra/httpd-gnutls.conf with the following content:

/etc/httpd/conf/extra/httpd-gnutls.conf
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

GnuTLSCache dbm "/var/run/httpd/gnutls_scache"
GnuTLSCacheTimeout 600

<VirtualHost _default_:443>

DocumentRoot "/srv/http"
ServerName www.example.org
ServerAdmin youremail@example.org
ErrorLog "/var/log/httpd/error_log"
TransferLog "/var/log/httpd/access_log"

GnuTLSEnable on
GnuTLSPriorities NORMAL

GNUTLSExportCertificates on

GnuTLSCertificateFile /path/to/certificate/domain.tld.crt
GnuTLSKeyFile /path/to/certificate/domain.tld.key

</VirtualHost>

Restart httpd.service.

Check that Apache loaded correctly and answers on port 443.
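
A pre-restart lint for the httpd.conf changes described above, as an added example that is not part of the original page or of mod_gnutls. The helper names active and check_gnutls_conf are hypothetical, the sample config is constructed, and treating an uncommented "SSLEngine on" as the sign of a vhost that still uses mod_ssl is an assumption.

```sh
#!/bin/sh
# Added example: lint Apache config files for the mod_gnutls setup on this page.
# active() and check_gnutls_conf() are hypothetical helper names.

# True when file $1 has an uncommented line that starts with regex $2.
# Apache directive names are case-insensitive, hence grep -i.
active() {
    grep -Eiq "^[[:space:]]*$2" "$1"
}

# Usage: check_gnutls_conf HTTPD_CONF [VHOST_FILE...]
# Prints one finding per problem; returns 0 if everything passes, 1 otherwise.
check_gnutls_conf() {
    conf=$1
    rc=0
    active "$conf" 'LoadModule[[:space:]]+gnutls_module[[:space:]]' ||
        { echo "$conf: missing LoadModule gnutls_module"; rc=1; }
    active "$conf" 'Include[[:space:]]+conf/extra/httpd-gnutls\.conf' ||
        { echo "$conf: missing Include conf/extra/httpd-gnutls.conf"; rc=1; }
    if active "$conf" 'Include[[:space:]]+conf/extra/httpd-ssl\.conf'; then
        echo "$conf: Include conf/extra/httpd-ssl.conf is not commented out"; rc=1
    fi
    # Assumption: SSLEngine on marks a vhost that still relies on mod_ssl.
    for f in "$@"; do
        if active "$f" 'SSLEngine[[:space:]]+on'; then
            echo "$f: vhost still enables mod_ssl (SSLEngine on)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: gnutls lines present, but the mod_ssl include left active.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
LoadModule gnutls_module modules/mod_gnutls.so
Include conf/extra/httpd-gnutls.conf
Include conf/extra/httpd-ssl.conf
EOF
check_gnutls_conf "$demo_conf" || echo "fix the findings above, then restart httpd.service"
rm -f "$demo_conf"
```

Once the lint passes, `apachectl configtest` checks the syntax before the restart, and `gnutls-cli -p 443 www.example.org` shows the TLS handshake once httpd is back up.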

Additional documentation of configuration directives is on the outoforder.cc mod_gnutls documentation page.

Testing

You can test or verify your HTTPS configuration with the SSL Labs analysis tool.