SSLMate · onnozweers · Feb 4, 2015 · Feb 4, 2015 · Feb 4, 2015 · Feb 4, 2015
diff --git a/templates.index b/templates.index
@@ -5,3 +5,4 @@ titus		titus
 dovecot2	Dovecot 2
 postfix		Postfix
 prosody		Prosody
+directadmin 	DirectAdmin
diff --git a/templates/directadmin+mozilla b/templates/directadmin+mozilla
@@ -0,0 +1,24 @@
+# Paste these lines into the "Custom HTTPD Configurations" for your domain.
+# You need admin access to DirectAdmin.
+|?KEY=__KEY_PATH__|
+|?CERT=__CHAINED_PATH__|
+|?CAROOT=|
+
+# Instead, you could also use these more generic lines with the DOMAIN DirectAdmin macro:
+|?KEY=/etc/sslmate/www.`DOMAIN`.key|
+|?CERT=/etc/sslmate/www.`DOMAIN`.chained.crt|
+|?CAROOT=|
+
+# If you don't have admin access to DirectAdmin, you can paste the cert, 
+# chain and key into the "SSL Certificates" form; both the key and the 
+# host cert into the "Paste a pre-generated certificate and key" field, 
+# and the chain into the form at "Click Here to paste a CA Root Certificate".
+
+# Recommended security settings from https://wiki.mozilla.org/Security/Server_Side_TLS
+SSLProtocol all -SSLv2 -SSLv3
+SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+SSLHonorCipherOrder on
+SSLCompression off
+
+# Enable this if you want HSTS (recommended)
+# Header add Strict-Transport-Security "max-age=15768000"