# Load mod_gnutls, which provides the GnuTLS* directives used below.
LoadModule gnutls_module modules/mod_gnutls.so

# TLS session cache used for session resumption: a DBM file at the given
# path, with entries expiring after 300 seconds.
# The cache holds TLS session state, so the path should not be readable or
# writable by other local users.
GnuTLSCache dbm "/var/cache/mod_gnutls"
GnuTLSCacheTimeout 300
# Take the allowed protocol versions and algorithms from the system-wide
# GnuTLS priority configuration instead of a priority string fixed here.
GnuTLSPriorities @SYSTEM
# Accept connections on the standard HTTPS port.
Listen 443

# Default TLS virtual host for port 443.
<VirtualHost _default_:443>

# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html"
#ServerName www.example.com:443

# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

# Enable GnuTLS for this virtual host
# NOTE(review): both GnuTLSCertificateFile and GnuTLSKeyFile below are
# commented out; presumably a certificate and key must be configured before
# this virtual host can serve TLS -- confirm.
GnuTLSEnable on

# Enable Session Tickets for the server (resumption without server-side
# cache state).
#GnuTLSSessionTickets on

# Set the certificate and private key files.
# The private key file should be readable only by the account that starts
# httpd.
#GnuTLSCertificateFile /etc/pki/httpd/public/server.crt
#GnuTLSKeyFile /etc/pki/httpd/private/server.key

# The certificate and key can also be given as PKCS #11 URLs.
# Note: SELinux denies access to the HSM.
# The serial, id and pin-value fields below are sample values. A pin-value
# embedded in the URL is stored in cleartext in this file, so restrict read
# access to the file accordingly.
#GnuTLSCertificateFile "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1fd5a8f7cc3ec73b;token=soft%20token;id=%46%3a%3f%03%18%46%22%a9%71%64%3f%60%ac%cd%fc%1f%88%c7%b6%31;object=server-soft;type=cert"
#GnuTLSKeyFile "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f0490bea351ba5b1;token=System%20softtoken;id=%00%01%02%03%04%05;object=server-key;type=private;pin-value=2092"

# Set `GnuTLSPIN` if the key file is encrypted.
# 1234 is a placeholder. The PIN is kept in cleartext in this file, so the
# file needs the same read restrictions as the key itself.
#GnuTLSPIN 1234

# Enable Client Certificate Verification
# GnuTLSClientVerify [ignore|request|require]
#   ignore  - any certificate the client sends is ignored
#   request - a certificate is requested but not required
#   require - a valid client certificate is required
# With "ignore", only the server is authenticated by TLS. "request" and
# "require" also need a CA to verify against (GnuTLSClientCAFile).
GnuTLSClientVerify ignore

# Set the allowed ciphers, key exchange algorithms, MACs and compression
# methods. Uncomment one line to override the global GnuTLSPriorities for
# this virtual host: @SYSTEM follows the system-wide GnuTLS policy, while
# PERFORMANCE is a built-in GnuTLS keyword that orders ciphersuites by speed
# and does not follow changes to the system-wide policy.
#GnuTLSPriorities @SYSTEM
#GnuTLSPriorities PERFORMANCE

# For PKCS #11 support
# Load a PKCS #11 module in addition to those registered with p11-kit.
# PATH_TO_LIBRARY is a placeholder for the module's shared library path.
#GnuTLSP11Module PATH_TO_LIBRARY

</VirtualHost>