Apache Config
#Apache Config#
apachectl configtest
#Force to only use SSL# in /etc/apache2/apache.conf
<Directory /var/www/html>
SSLRequireSSL
</Directory>
#Virtual Host# in /etc/apache2/apache.conf
<VirtualHost *:443>
ServerAdmin yourname@gmail.com
DocumentRoot "/var/www/html"
ServerName server.com
SSLEngine on
SSLCertificateFile "/path/to/www.example.com.cert"
SSLCertificateKeyFile "/path/to/www.example.com.key"
# Uncomment the following directive when using client certificate authentication
#SSLCACertificateFile /path/to/ca_certs_for_client_authentication
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>
#Enable Headers#
a2enmod
then
headers
#Restarting the Server#
service apache2 restart