![\"ssltest\"](\"https:\/\/blog.freesilo.com\/wp-content\/uploads\/2016\/12\/ssltest.png\")
<\/p>\n<\/p>\n
\u5148\u770b\u6d4b\u8bd5\u7ed3\u679c\uff1ahttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=cnlic.com&latest<\/a><\/p>\n 1\u3001\u5168\u7ad9https\uff1a\u91cd\u5b9a\u5411http\u8bf7\u6c42\u81f3https<\/p>\n \/etc\/apache2\/sites-available\/cnlic80.conf\u5185\u5bb9\u5982\u4e0b\uff1a<\/p>\n \/etc\/apache2\/sites-available\/cnlic443.conf\u5185\u5bb9\u5982\u4e0b\uff1a<\/p>\n 2\u3001\u7981\u7528SSLv2\u3001SSLv3\u534f\u8bae 3\u3001\u53ea\u542f\u7528\u5b89\u5168\u7684SSL\u52a0\u5bc6\u5957\u4ef6 \u6ce8\uff1aIE 6 \/ XP\u4e5f\u662f\u652f\u6301\u7684\uff0c\u4f46\u9700\u8981\u5728IE\u8bbe\u7f6e\u9ad8\u7ea7\u9009\u9879\u4e2d\u6253\u5f00\u201c\u4f7f\u7528 TLS 1.0\u201d \/etc\/apache2\/sites-available\/cnlic443.conf\u5185\u5bb9\u5982\u4e0b\uff1a<\/p>\na2enmod ssl\r\na2enmod rewrite<\/pre>\n
<VirtualHost *:80>\r\n\tServerAdmin webmaster@localhost\r\n\tDocumentRoot \/var\/www\/html\r\n\r\n\tErrorLog ${APACHE_LOG_DIR}\/error.log\r\n\tCustomLog ${APACHE_LOG_DIR}\/access.log combined\r\n\r\n\t<IfModule mod_rewrite.c>\r\n\t RewriteEngine On\r\n\t RewriteCond %{HTTPS} off\r\n\t RewriteRule (.*) https:\/\/%{HTTP_HOST}%{REQUEST_URI}\r\n\t<\/IfModule>\r\n<\/VirtualHost><\/pre>\n<IfModule mod_ssl.c>\r\n\t<VirtualHost *:443>\r\n\t\tServerAdmin webmaster@localhost\r\n\t\tDocumentRoot \/var\/www\/html\r\n\r\n\t\tErrorLog ${APACHE_LOG_DIR}\/error.log\r\n\t\tCustomLog ${APACHE_LOG_DIR}\/access.log combined\r\n\r\n\t\tSSLEngine On\r\n\t\tSSLCertificateFile\t\/etc\/apache2\/ssl\/cnlic_com.crt\r\n\t\tSSLCertificateKeyFile\t\/etc\/apache2\/ssl\/cnlic_com.key\r\n\t<\/VirtualHost>\r\n<\/IfModule><\/pre>\na2dissite 000-default\r\na2dissite default-ssl\r\na2ensite cnlic80\r\na2ensite cnlic443<\/pre>\n
\n\/etc\/apache2\/sites-available\/cnlic443.conf\u5185\u5bb9\u5982\u4e0b\uff1a<\/p>\n<IfModule mod_ssl.c>\r\n\t<VirtualHost *:443>\r\n\t\tServerAdmin webmaster@localhost\r\n\t\tDocumentRoot \/var\/www\/html\r\n\r\n\t\tErrorLog ${APACHE_LOG_DIR}\/error.log\r\n\t\tCustomLog ${APACHE_LOG_DIR}\/access.log combined\r\n\r\n\t\tSSLEngine On\r\n\t\tSSLProtocol all -SSLv2 -SSLv3\r\n\t\tSSLCertificateFile\t\/etc\/apache2\/ssl\/cnlic_com.crt\r\n\t\tSSLCertificateKeyFile\t\/etc\/apache2\/ssl\/cnlic_com.key\r\n\t<\/VirtualHost>\r\n<\/IfModule><\/pre>\n
\n\/etc\/apache2\/sites-available\/cnlic443.conf\u5185\u5bb9\u5982\u4e0b\uff1a<\/p>\n<IfModule mod_ssl.c>\r\n\t<VirtualHost *:443>\r\n\t\tServerAdmin webmaster@localhost\r\n\t\tDocumentRoot \/var\/www\/html\r\n\r\n\t\tErrorLog ${APACHE_LOG_DIR}\/error.log\r\n\t\tCustomLog ${APACHE_LOG_DIR}\/access.log combined\r\n\r\n\t\tSSLEngine On\r\n\t\tSSLProtocol all -SSLv2 -SSLv3\r\n\t\tSSLCertificateFile\t\/etc\/apache2\/ssl\/cnlic_com.crt\r\n\t\tSSLCertificateKeyFile\t\/etc\/apache2\/ssl\/cnlic_com.key\r\n\t\tSSLHonorCipherOrder On\r\n\t\tSSLCipherSuite \"ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DES-CBC3-SHA\"\r\n\t<\/VirtualHost>\r\n<\/IfModule><\/pre>\n
\n4\u3001\u5f00\u542fStrict Transport Security (HSTS)<\/p>\na2enmod headers<\/pre>\n
<IfModule mod_ssl.c>\r\n\t<VirtualHost *:443>\r\n\t\tServerAdmin webmaster@localhost\r\n\t\tDocumentRoot \/var\/www\/html\r\n\r\n\t\tErrorLog ${APACHE_LOG_DIR}\/error.log\r\n\t\tCustomLog ${APACHE_LOG_DIR}\/access.log combined\r\n\r\n\t\tHeader always set Strict-Transport-Security \"max-age=63072000; includeSubdomains; preload\"\r\n\r\n\t\tSSLEngine On\r\n\t\tSSLProtocol all -SSLv2 -SSLv3\r\n\t\tSSLCertificateFile\t\/etc\/apache2\/ssl\/cnlic_com.crt\r\n\t\tSSLCertificateKeyFile\t\/etc\/apache2\/ssl\/cnlic_com.key\r\n\t\tSSLHonorCipherOrder On\r\n\t\tSSLCipherSuite \"ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DES-CBC3-SHA\"\r\n\t<\/VirtualHost>\r\n<\/IfModule><\/pre>\n
![\"pin-sha256\"](\"https:\/\/blog.freesilo.com\/wp-content\/uploads\/2016\/12\/pin-sha256.png\")