# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
-SSLCertificateFile @exp_sysconfdir@/ssl.crt/server.crt
-#SSLCertificateFile @exp_sysconfdir@/ssl.crt/server-dsa.crt
+SSLCertificateFile @exp_sysconfdir@/server.crt
+#SSLCertificateFile @exp_sysconfdir@/server-dsa.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
-SSLCertificateKeyFile @exp_sysconfdir@/ssl.key/server.key
-#SSLCertificateKeyFile @exp_sysconfdir@/ssl.key/server-dsa.key
+SSLCertificateKeyFile @exp_sysconfdir@/server.key
+#SSLCertificateKeyFile @exp_sysconfdir@/server-dsa.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
-#SSLCertificateChainFile @exp_sysconfdir@/ssl.crt/ca.crt
+#SSLCertificateChainFile @exp_sysconfdir@/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
-SetEnvIf User-Agent ".*MSIE.*" \
+BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0