Listen 0.0.0.0:443 https TraceEnable off ServerSignature Off ServerTokens Prod WSGIPythonHome /opt/privacyidea WSGISocketPrefix /var/run/wsgi ServerAdmin webmaster@localhost ServerName localhost DocumentRoot /var/www Require all granted Options FollowSymLinks AllowOverride None ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key WSGIDaemonProcess privacyidea processes=1 threads=15 display-name=%{GROUP} user=privacyidea WSGIProcessGroup privacyidea WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi SSLEngine On SSLProtocol All -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCipherSuite EECDH+AES256:DHE+AES256:EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5 BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"