X-Git-Url: https://dehnerts.com/gitweb/?a=blobdiff_plain;f=sites-available%2Fdefault-ssl;h=37ddad3d11f142a3b23f7765485d7d3f5f843f05;hb=2587c8d61609bb7df9d8feeca820bbaceb6a49de;hp=88f79a1b22d6ed0124ad4a9cb09d4f60055f676b;hpb=cc88b712404442e61e0710d519a53a136b6def5e;p=sysconfig%2Fapache2.git

diff --git a/sites-available/default-ssl b/sites-available/default-ssl
index 88f79a1..37ddad3 100644
--- a/sites-available/default-ssl
+++ b/sites-available/default-ssl
@@ -11,7 +11,9 @@
 	#   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
 	#   If both key and certificate are stored in the same file, only the
 	#   SSLCertificateFile directive is needed.
-	SSLCertificateFile    /etc/ssl/certs/general-web.crt
+	SSLCertificateFile /etc/ssl/certs/dehnerts-web.startssl.chain.crt
+	SSLCertificateChainFile /etc/ssl/certs/dehnerts-web.startssl.chain.crt
+	#SSLCertificateFile    /etc/ssl/certs/general-web.crt
 	SSLCertificateKeyFile /etc/ssl/private/general-web.key
 
 	#   Server Certificate Chain:
@@ -125,8 +127,11 @@
 	#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
 	#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
 	#   "force-response-1.0" for this.
-	BrowserMatch ".*MSIE.*" \
+	BrowserMatch "MSIE [2-6]" \
 		nokeepalive ssl-unclean-shutdown \
 		downgrade-1.0 force-response-1.0
+	# MSIE 7 and newer should be able to use keepalive
+	BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
 </VirtualHost>
 </IfModule>