* docs/conf/extra/httpd-ssl.conf.in: Don't reference directories which

#   in mind that if you have both an RSA and a DSA certificate you

#   can configure both in parallel (to also allow the use of DSA

#   ciphers, etc.)

SSLCertificateFile @exp_sysconfdir@/ssl.crt/server.crt

#SSLCertificateFile @exp_sysconfdir@/ssl.crt/server-dsa.crt

SSLCertificateFile @exp_sysconfdir@/server.crt

#SSLCertificateFile @exp_sysconfdir@/server-dsa.crt

#   Server Private Key:

#   If the key is not combined with the certificate, use this

#   directive to point at the key file.  Keep in mind that if

#   you've both a RSA and a DSA private key you can configure

#   both in parallel (to also allow the use of DSA ciphers, etc.)

SSLCertificateKeyFile @exp_sysconfdir@/ssl.key/server.key

#SSLCertificateKeyFile @exp_sysconfdir@/ssl.key/server-dsa.key

SSLCertificateKeyFile @exp_sysconfdir@/server.key

#SSLCertificateKeyFile @exp_sysconfdir@/server-dsa.key

#   Server Certificate Chain:

#   Point SSLCertificateChainFile at a file containing the

#   the referenced file can be the same as SSLCertificateFile

#   when the CA certificates are directly appended to the server

#   certificate for convinience.

#SSLCertificateChainFile @exp_sysconfdir@/ssl.crt/ca.crt

#SSLCertificateChainFile @exp_sysconfdir@/server-ca.crt

#   Certificate Authority (CA):

#   Set the CA certificate verification path where to find CA

#   Similarly, one has to force some clients to use HTTP/1.0 to workaround

#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and

#   "force-response-1.0" for this.

SetEnvIf User-Agent ".*MSIE.*" \

BrowserMatch ".*MSIE.*" \

         nokeepalive ssl-unclean-shutdown \

         downgrade-1.0 force-response-1.0