Users with legacy Android devices can now access work apps in Google Play

Recently, we announced that your organization’s private apps would move from the “Private Channel” (i.e. the “domain.com” tab) to the “Work Apps” tab in the Google Play Store. We envision this Work Apps section as a single destination where users can find all of the applications they need to be productive on mobile. Using Google Mobile Management, G Suite administrators can offer a curated set of both public and custom apps to their employees in the Work Apps section of Google Play.

Previously, however, employees with Android devices that did not support work profiles could not see the Work Apps tab and the apps their admins had curated. This included any users with Android devices running 5.0 Lollipop or less. With this launch, employees with these older devices can now access the Work Apps tab in Google Play (in their personal profile) and the apps their admins have curated.

Google Play for Work on Legacy Devices

Note that on devices that do support work profiles, the Work Apps tab can only be accessed from Google Play in the work profile.

Launch Details
Release track:
Launching to both Rapid release and Scheduled release

Editions:
Available to all G Suite editions

Rollout pace:
Full rollout (1–3 days for feature visibility)

Impact:
All end users

Action:
Change management suggested/FYI

 

Reference by Google.com

Support for rotated text, accounting number formats, and more in Google Sheets

We’re working hard to ensure that Google Sheets meets your business needs. As part of that effort, today we’re introducing several enterprise-friendly features that you’ve been asking for in Sheets on the web, Android, and iOS:

Rotated text
You can now rotate the text in a cell in Sheets (Format > Text rotation). This is especially useful when you need to fit long header names into thin columns, or when you simply want to fit more text on a single screen.

 

Rotated text 1

Accounting number formats
We’re making it easier to read your budgets, expense reports, and other spreadsheets containing monetary amounts by aligning the currency symbols within them (Format > Number > Accounting). We’re also making improvements to the way numbers, decimal points, and repeated characters line up to make them simpler to scan and analyze.

Accounting number formats 2

More border styles
You can now choose from several new border styles in Sheets, including various thicknesses and double borders, which are commonly used in financial statements like balance sheets (Toolbar > Borders > Border styles).

Additional improvements on mobile
In addition to the features described above, we’re also launching the following improvements to our mobile apps:

  • Support for using a mouse with the Sheets Android app
  • Ability to view and select existing custom colors in the Sheets Android app
  • Ability to drag and drop rows and columns in the Sheets Android and iOS apps
  • Formatting suggestions in Explore in the Sheets iOS app

For more details, check out the Help Center articles below.

Launch Details
Release track:
Launching to both Rapid release and Scheduled release

  • All mobile features
  • Additional border styles on the web

Launching to Rapid release, with Scheduled release coming on March 6, 2017

  • Rotated text on the web
  • Accounting number formats on the web

Editions:
Available to all G Suite editions

Rollout pace:
Gradual rollout (potentially longer than 3 days for feature visibility)

Impact:
All end users

Action:
Change management suggested/FYI

Reference by Google.com

Resolve conflicting accounts with the new Transfer tool for unmanaged users

If your organization recently made the jump to G Suite, you may have employees who previously set up personal Google Accounts using your company’s domain name. With this launch, we’re making it easier to identify and transfer those accounts before they become conflicting accounts.

Using the new Transfer tool for unmanaged users, you can view all personal Google Accounts with email addresses that match the G Suite email addresses for your organization. You can then send emails to those individuals, requesting that they convert their personal accounts to G Suite accounts. Later, you can view the statuses of those requests and cancel them as necessary.

Transfer tool 2

If an employee accepts your request to transfer their account, you’ll be granted access to their data and given the ability to manage that account. If they decline or ignore your request, they’ll be asked to rename their personal account with a different email address when you create a new G Suite account for them. They’ll retain sole access to and control over all of the data in their personal account.

Transfer tool email

Note that these actions must be performed manually. While you can send requests, cancel requests, and download request statuses for multiple users at once, you can’t yet do so in bulk via an API.

We hope this launch will make the transition to G Suite easier for you and your end users alike. For more information about the Transfer tool, please visit the Help Center.

Launch Details
Release track:
Launching to both Rapid release and Scheduled release

Editions:
Available to all G Suite editions

Rollout pace:
Gradual rollout (potentially longer than 3 days for feature visibility)

Impact:
Admins only

Action:
Admin action suggested/FYI

 

Insert videos from Google Drive in Google Slides

Starting today, you can insert and play your Google Drive videos in Google Slides, in addition to videos from YouTube.

Insert Drive video in Slides

Once you’ve added a Drive video to your presentation, you can choose when to start and end it, whether it should autoplay when presenting, and whether it should be muted or play with audio. Simply right-click on the video and select Video options.

video option

If a person viewing your presentation doesn’t have permission to view a video embedded within it, they’ll be prompted to request access.

Note that while you can play Drive videos in Slides on the web and mobile, you can only insert them from the web application. For more details, visit the Help Center.

Launch Details
Release track:
Launching to Rapid release, with Scheduled release coming in two weeks

Editions:
Available to all G Suite editions

Reference by Google.com

Beware of Spora – a professionally designed ransomware

Spora is a recent addition to the ransomware family that Quick Heal Lab has come across.  It is a file encryptor ransomware that encrypts a user’s files with strong encryption algorithm and demands a ransom. Spora is launched with a good infection routine, the capability to work offline, well-designed and managed payment portal dashboard, decryption key purchase options.

Infection Vector

Spora is delivered to the victim via spam emails containing a malicious .ZIP file as an attachment. This .ZIP file contains an HTML Application (‘.HTA’) file that pretends to be an invoice in .PDF or .DOC format, wearing double extensions to those files (e.g. <file_name>.pdf.HTA). As ‘Hide extensions for known file types’ option is marked checked by default in many systems, it increases the chances of getting trapped in opening an .HTA file by mistaking it for harmless file types.

Infection Routine

Spora has a multistage infection behavior. When a malicious .HTA file is executed, it drops and executes the below files into the system using VBScript program:

  • ‘%Temp%\close.js’
  • ‘%Temp%\doc_6d518e.docx’

• It is actually a file encryptor component that performs file encryption.
• doc_6d518e.docx is a corrupt file that is intentionally dropped and opened to keep the victim busy in viewing it while files are getting encrypted in the background.

spora ransomeware

Figure 1: Corrupt document to fool a victim

Spora was not found appending any extension to the encrypted files. When encryption is over, a ransom note is displayed (shown below), highlighting the uniquely generated ‘Infection ID’ and basic instructions.

spora ransomeware note

Figure 2. Spora ransom note with an infection ID

A .KEY file is dropped on the desktop, containing information about ‘encrypted-encryption keys’ used to encrypt files. In order for the victim to get complete access to the payment portal, they need to upload .KEY file to the portal to synchronize the infected computer with the payment portal. To do so, the below panel is provided.

spora ransomware key

Figure 3. Key upload panel on Spora payment portal

 

Once synchronized, the victim can choose from a number of purchase options available on a ‘My Purchase’ section of the portal.

 

spora ransomeware purchase

Figure 4. Decryptor purchase options

FULL RESTORE – With this, the user can have all their encrypted data restored.

IMMUNITY – With this, the user can buy immunity against future Spora attacks.

REMOVAL – With this, the user can have the Spora malware completely removed from their computer.

FILE RESTORE – Offers two options; decrypt two files for free or decrypt a selection of files for $30.

As you can see, Spora offers the victim with a variety of options to take care of the situation. For instance, a victim might be less likely to pay the ransom because they know they have safely backed up their data. However, they would still want to have the malware removed from the system – which gives the ‘Removal’ option.

Quick Heal Detection
Quick Heal antivirus successfully prevents Spora infections at multiple stages.

Quick Heal Email Protection successfully prevents download of the malicious .ZIP attachment which is the first stage of the infection.

Quick Heal detection

Figure 5. Quick Heal Email Protection

As shown in the image above, the malicious .HTA file has been successfully detected as ‘JS.Nemucod.BJF’ and deleted thereafter.

Quick Heal Anti-ransomware protection successfully detects potential file encryption activities and alerts the user

Quick Heal Anti-Ransomware alert

Figure 6. Quick Heal Anti-Ransomware alert

Quick Heal Behavior Detection System successfully detects malicious activities and alerts the user

Quick Heal Behavior Detection System alert

Figure 7. Quick Heal Behavior Detection System alert

Conclusion
It is not hard to guess that the creators of Spora have taken their time in developing this ransomware to make it effective, and professional at the same time.

A nicely designed decryptor portal dashboard, synchronization between the portal and infected system using a .KEY file, and multiple purchase option for decryption signify how attackers are using complex tactics in creating ransomware.

How to stay safe against such ransomware attacks

  • Never download attachments that arrive in emails from unknown or unexpected sources.
  • Take regular backups of your files. Remember to disconnect the Internet when you are backing up on a hard drive. Unplug the drive before you go online again.
  • Apply all recommended security updates (patches) to your Operating System, and programs like Adobe, Java, web browsers, etc.
  • Install an antivirus software that offers several layers of security. More importantly, keep the software up-to-date.

 

Reference by Quick Heal

Data Privacy Day – 10 tips to keep your data secure

Recognized annually on January 28th, Data Privacy Day is defined as a centered approach towards respecting privacy, safeguarding data, and enabling trust. It is a global effort to raise and promote awareness around protecting one’s data and privacy. With this thought in mind, we have put together these 10 security tips on Data Privacy Day.

10 Security Tips on Data Privacy Day

1. Change the passwords of your online accounts. Here are some tips to build strong and unique ones:

  • Use a mix of uppercase and lower letters
  • Use special characters
  • Use numbers
  • Use at least 8 characters

Also, here’s a fun way to create a password that is strong and can be easily remembered. First, think of a phrase or the title of your favorite book or movie; say, “The Girl With The Dragon Tatoo”. Now, take the first letter of every word in the title – this will give you tgwtdt. Capitalize a letter, add some numbers, and special characters – and you will have the ultimate password Tgwtdt#$8945B. We tested the strength of this password, and it seems that a hacker will take about 273 years to crack it. Find it out yourself – https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html

2. Take a back up of all your important data stored on your computer and mobile device. You can either take the backup over Cloud or an external hard drive. Taking regular data backups can save you from the aftermath of a virus attack or system crash – especially a ransomware infection. Ransomware is a malware that hijacks your data and demands money (ransom) to release it.

3. Data Privacy Day is not only about storing or saving data. It also advocates the importance of disposing of your information securely. Data that you delete from your computer or mobile device does not really get deleted permanently. It can still be recovered with advanced data recovery tools. So, while removing sensitive information, ensure it is gone forever. Know how to delete your data securely.

4. It is unsafe to store login ID and passwords, banking details, social security number, and other such sensitive information on your mobile device or computer. But, if you can’t help it, ensure that the data is encrypted. When you encrypt an information, it gets converted into an unreadable form, and can only be read by you. So, even if a situation arises wherein your data falls into the wrong hands, you can rest assured that it won’t get misused.

5. Just like you won’t hand over your wallet, ID card, or house key to a stranger, avoid sharing your personal information on the Internet; these could be unfamiliar websites, survey forms, online friends, unsolicited emails, and anything/anybody that asks for your information. When it comes to Data Privacy, it’s wise to be a miser in sharing your data.

6. Banking or shopping online using unsecured Wi-Fi networks can let attackers steal your personal and financial information. While using any such network, ensure it is accessible only with a login ID and password.

7. Before installing any mobile app, review its permissions carefully. Many a time, you may come across an app that asks for permissions that are not actually required for it to function on your device. For instance, if a simple Flash Light app is asking your permission to access your device’s Internet, contact details, photos, etc., then chances are it is a malicious or a potentially dangerous app. So, stay cautious against such threats.

8. One of the greatest threats to your data and privacy is phishing. Phishing is defined as an attempt to trick you into providing your personal or financial details so that the attacker can commit illegal acts using your name. Any unknown or unexpected communication (email, call, SMS, etc.) that carries a sense of urgency and requires you to provide your personal information should be treated as a phishing attack. Always ignore such communications and report them to the right authority.

9. With mobile devices becoming an integral part of our everyday lives, they store massive amounts of data about us, our friends and family members. More importantly, being smaller and compact, they are more vulnerable to theft. So, it is only logical to protect these devices with a PIN, fingerprint or a password. We do not recommend the Pattern Lock because they are easily noticeable and less secure. Also, it is wise to keep the Automatic Lock feature ON at all times.

10. While you follow all the steps mentioned above, also consider getting a trusted antivirus solution. The software that you choose must offer multiple layers of security that can block ransomware, fake, infected and phishing websites, emails designed for phishing attacks, malicious downloads, and unauthorized data storage devices.

 

Reference by Quick Heal

Gmail will block .js file attachments starting February 13, 2017

Gmail currently restricts certain file attachments (e.g. .exe, .msc, and .bat) for security reasons, and starting on February 13, 2017, we will not allow .js file attachments as well. Similar to other restricted file attachments, you will not be able to attach a .js file and an in-product warning will appear, explaining the reason why.

If you still need to send .js files for legitimate reasons, you can use Google Drive, Google Cloud Storage, or other storage solutions to share or send your files.Gmail will restrict js file attachments

Launch Details
Release track:
Launching to Rapid release on February 13, 2017, with Scheduled release coming 2 weeks afterward

Editions:
Available to all G Suite editions

Rollout pace:
Full rollout (1-3 days for feature visibility)

Reference by Google.com

Creating files from templates now easier in Google Drive

Since 2015, we’ve been making it easier to focus on your content—not your formatting—with templates in Google Docs, Sheets, Slides, and Forms. We’ve introduced templates for invoices, pitch decks, and cases studies, as well as templates designed by experts and developed specifically for your organization.
Today, we’re making it easier for users to create files from templates by granting access to templates directly from Google Drive. Instead of navigating to the Docs, Sheets, Slides, or Forms home pages, you can simply go to Drive > New > Google Docs/Sheets/Slides/Forms > From a template. From there, you’ll be directed to the applicable template gallery, where you can select the template of your choice.

Google Drive Templates Submenu

For more details on templates, visit the Help Center.
Launch Details
Release track:
Launching to Rapid release, with Scheduled release coming in three weeks
Editions:
Available to all G Suite editions
Rollout pace:
Gradual rollout (potentially longer than 3 days for feature visibility)
Impact:
All end users
Action:
Change management suggested/FYI

Reference by Google.com

How To Install an SSL Certificate from a Commercial Certificate Authority on raw Linux Server

Introduction

This tutorial will show you how to acquire and install an SSL certificate from a trusted, commercial Certificate Authority (CA). SSL certificates allow web servers to encrypt their traffic, and also offer a mechanism to validate server identities to their visitors. The main benefit of using a purchased SSL certificate from a trusted CA, over self-signed certificates, is that your site’s visitors will not be presented with a scary warning about not being able to verify your site’s identity.

You may use any other CA of your choice.

After you have acquired your SSL certificate, we will show you how to install it on Nginx and Apache HTTP web servers.

 Prerequisites

There are several prerequisites that you should ensure before attempting to obtain an SSL certificate from a commercial CA. This section will cover what you will need in order to be issued an SSL certificate from most CAs.

Registered Domain Name

Before acquiring an SSL certificate, you must own or control the registered domain name that you wish to use the certificate with. If you do not already have a registered domain name, you may register one with one of the many domain name registrars out there (e.g. Namecheap, GoDaddy, etc.).

Domain Validation Rights

For the basic domain validation process, you must have access to one of the email addresses on your domain’s WHOIS record or to an “admin type” email address at the domain itself. Certificate authorities that issue SSL certificates will typically validate domain control by sending a validation email to one of the addresses on the domain’s WHOIS record, or to a generic admin email address at the domain itself. Some CAs provide alternative domain validation methods, such as DNS- or HTTP-based validation, which are outside the scope of this guide.

If you wish to be issued an Organization Validation (OV) or Extended Validation (EV) SSL certificate, you will also be required to provide the CA with paperwork to establish the legal identity of the website’s owner, among other things.

Web Server

In addition to the previously mentioned points, you will need a web server to install the SSL certificate on. This is the server that is reachable at the domain name for which the SSL certificate will be issued for. Typically, this will be an Apache HTTP, Nginx, HAProxy, or Varnish server. If you need help setting up a web server that is accessible via your registered domain name, follow these steps:

  1. Set up a web server of your choice. For example, a LEMP (Nginx) or LAMP (Apache) server–be sure to configure the web server software to use the name of your registered domain
  2. Configure your domain to use the appropriate nameservers. If your web server is hosted on DigitalOcean, this guide can help you get set up: How To Point to DigitalOcean’s Nameservers from Common Domain Registrars
  3. Add DNS records for your web server to your nameservers. If you are using DigitalOcean’s nameservers, follow this guide to learn how to add the appropriate records: How To Set Up a Host Name with DigitalOcean

Choose Your Certificate Authority

If you are not sure of which Certificate Authority you are going to use, there are a few important factors to consider. At an overview level, the most important thing is that the CA you choose provides the features you want at a price that you are comfortable with. This section will focus more on the features that most SSL certificate buyers should be aware of, rather than prices.

Certificate Types

Ensure that you choose a CA that offers the certificate type that you require. Many CAs offer variations of these certificate types under a variety of, often confusing, names and pricing structures. Here is a short description of each type:

  • Single Domain: Used for a single domain, e.g. example.com. Note that additional subdomains, such as www.example.com, are not included
  • Wildcard: Used for a domain and any of its subdomains. For example, a wildcard certificate for *.example.com can also be used for www.example.com and store.example.com
  • Multiple Domain: Known as a SAN or UC certificate, these can be used with multiple domains and subdomains that are added to the Subject Alternative Name field. For example, a single multi-domain certificate could be used with example.com, www.example.com, and example.net

In addition to the aforementioned certificate types, there are different levels of validations that CAs offer. We will cover them here:

  • Domain Validation (DV): DV certificates are issued after the CA validates that the requestor owns or controls the domain in question
  • Organization Validation (OV): OV certificates can be issued only after the issuing CA validates the legal identity of the requestor
  • Extended Validation (EV): EV certificates can be issued only after the issuing CA validates the legal identity, among other things, of the requestor, according to a strict set of guidelines. The purpose of this type of certificate is to provide additional assurance of the legitimacy of your organization’s identity to your site’s visitors. EV certificates can be single or multiple domain, but not wildcard

This guide will show you how to obtain a single domain or wildcard SSL certificate from GoDaddy and RapidSSL, but obtaining the other types of certificates is very similar.

Additional Features

Many CAs offer a large variety of “bonus” features to differentiate themselves from the rest of the SSL certificate-issuing vendors. Some of these features can end up saving you money, so it is important that you weigh your needs against the offerings carefully before making a purchase. Example of features to look out for include free certificate reissues or a single domain-priced certificate that works for www. and the domain basename, e.g. www.example.com with a SAN of example.com

 

Generate a CSR and Private Key

After you have all of your prerequisites sorted out, and you know the type of certificate you want to get, it’s time to generate a certificate signing request (CSR) and private key.

If you are planning on using Apache HTTP or Nginx as your web server, use openssl to generate your private key and CSR on your web server. In this tutorial, we will just keep all of the relevant files in our home directory but feel free to store them in any secure location on your server:

cd ~

To generate a private key, called example.com.key, and a CSR, called example.com.csr, run this command (replace the example.com with the name of your domain):

openssl req -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr

At this point, you will be prompted for several lines of information that will be included in your certificate request. The most important part is the Common Name field which should match the name that you want to use your certificate with–for example, example.com, www.example.com, or (for a wildcard certificate request) *.example.com. If you are planning on getting an OV or EV certificate, ensure that all of the other fields accurately reflect your organization or business details.

For example:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:sammy@example.com

This will generate a .key and .csr file. The .key file is your private key, and should be kept secure. The .csr file is what you will send to the CA to request your SSL certificate.

You will need to copy and paste your CSR when submitting your certificate request to your CA. To print the contents of your CSR, use this command (replace the filename with your own):

cat example.com.csr

Now we are ready to buy a certificate from a CA.

Please note: If you are asked to enter password do not use alpha numeric characters. Use only alphabets

Install Certificate On Web Server

After acquiring your certificate from the CA of your choice, you must install it on your web server. This involves adding a few SSL-related lines to your web server software configuration.

We will cover basic Nginx and Apache HTTP configurations on Ubuntu 14.04 in this section.

We will assume the following things:

  • The private key, SSL certificate, and, if applicable, the CA’s intermediate certificates are located in a home directory at /home/sammy
  • The private key is called example.com.key
  • The SSL certificate is called example.com.crt
  • The CA intermediate certificate(s) are in a file called intermediate.crt
  • If you have a firewall enabled, be sure that it allows port 443 (HTTPS)

Note: In a real environment, these files should be stored somewhere that only the user that runs the web server master process (usually root) can access. The private key should be kept secure.

Nginx

If you want to use your certificate with Nginx on Ubuntu 14.04, follow this section.

With Nginx, if your CA included an intermediate certificate, you must create a single “chained” certificate file that contains your certificate and the CA’s intermediate certificates.

Change to the directory that contains your private key, certificate, and the CA intermediate certificates (in the intermediate.crt file). We will assume that they are in your home directory for the example:

cd ~

Assuming your certificate file is called example.com.crt, use this command to create a combined file called example.com.chained.crt (replace the highlighted part with your own domain):

cat example.com.crt intermediate.crt > example.com.chained.crt

Now go to your Nginx server block configuration directory. Assuming that is located at /etc/nginx/sites-enabled, use this command to change to it:

cd /etc/nginx/sites-enabled

Assuming want to add SSL to your default server block file, open the file for editing:

sudo vi default

Find and modify the listen directive, and modify it so it looks like this:

    listen 443 ssl;

Then find the server_name directive, and make sure that its value matches the common name of your certificate. Also, add the ssl_certificate and ssl_certificate_key directives to specify the paths of your certificate and private key files (replace the highlighted part with the actual path of your files):

    server_name example.com;
    ssl_certificate /home/sammy/example.com.chained.crt;
    ssl_certificate_key /home/sammy/example.com.key;

To allow only the most secure SSL protocols and ciphers, add the following lines to the file:

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

If you want HTTP traffic to redirect to HTTPS, you can add this additional server block at the top of the file (replace the highlighted parts with your own information):

server {
    listen 80;
    server_name example.com;
    rewrite ^/(.*) https://example.com/$1 permanent;
}

Then save and quit.

Now restart Nginx to load the new configuration and enable TLS/SSL over HTTPS!

sudo service nginx restart

Test it out by accessing your site via HTTPS, e.g. https://example.com.

Apache

If want to use your certificate with Apache on Ubuntu 14.04, follow this section.

Make a backup of your configuration file by copying it. Assuming your server is running on the default virtual host configuration file, /etc/apache2/sites-available/000-default.conf, use these commands to to make a copy:

cd /etc/apache2/sites-available
cp 000-default.conf 000-default.conf.orig

Then open the file for editing:

sudo vi 000-default.conf

Find the <VirtualHost *:80> entry and modify it so your web server will listen on port 443:

<VirtualHost *:443>

Then add the ServerName directive, if it doesn’t already exist (substitute your domain name here):

ServerName example.com

Then add the following lines to specify your certificate and key paths (substitute your actual paths here):

SSLEngine on
SSLCertificateFile /home/sammy/example.com.crt
SSLCertificateKeyFile /home/sammy/example.com.key

If you are using Apache 2.4.8 or greater, specify the CA intermediate bundle by adding this line (substitute the path):

SSLCACertificateFile /home/sammy/intermediate.crt

If you are using an older version of Apache, specify the CA intermediate bundle with this line (substitute the path):

SSLCertificateChainFile /home/sammy/intermediate.crt

At this point, your server is configured to listen on HTTPS only (port 443), so requests to HTTP (port 80) will not be served. To redirect HTTP requests to HTTPS, add the following to the top of the file (substitute the name in both places):

<VirtualHost *:80>
   ServerName example.com
   Redirect permanent / https://example.com/
</VirtualHost>

Save and exit.

Enable the Apache SSL module by running this command:

sudo a2enmod ssl

Now restart Apache to load the new configuration and enable TLS/SSL over HTTPS!

sudo service apache2 restart

How to make more secure :

<VirtualHost *:80> ServerName example.com Redirect permanent / https://www.example.com/

</VirtualHost>

<VirtualHost *:443> ServerName example.com SSLEngine on SSLCertificateFile /home/example/www_example_com.crt

SSLCertificateKeyFile /home/example/example_com.key

SSLCACertificateFile /home/example/intermediate.crt

SSLProtocol -all +TLSv1.2 
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
SSLHonorCipherOrder on 
SSLCompression off 
SSLSessionTickets off 
ServerAdmin webmaster@localhost 
DocumentRoot /var/www/html <Directory 
/var/www/html/> Options Indexes FollowSymLinks AllowOverride All 
Require all granted </Directory> 
ErrorLog ${APACHE_LOG_DIR}/error.log 
CustomLog ${APACHE_LOG_DIR}/access.log combined 
</VirtualHost>