httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott (" <>
Subject Re: [users@httpd] Ignore SSL key/certificate errors
Date Thu, 08 Jan 2015 19:59:49 GMT
Found the below online. You should be able to run that to give you a good
idea that nothing has been tampered with before allowing it into the config.

----- If everything matches (same modulus), the files are compatible. If
not, One of the file is not linked to the others.

openssl rsa -noout -modulus -in FILE.key
openssl req -noout -modulus -in FILE.csr
openssl x509 -noout -modulus -in FILE.cer

Kind Regards,


First Class Watches
9 Warwick Road
United Kingdom

On 8 January 2015 at 19:25, Yves Goergen <>

> Hello,
> Currently, when I configure Apache web server for SSL and provide a broken
> file for the key or certificate, the server fails to start completely.
> Since I want to allow other users of my web server to upload their own
> key/cert files for their VirtualHosts, I need to thoroughly verify these
> files to prevent a failure of the entire web server.
> Unfortunately, I don't know how I can do that verification. OpenSSL's
> verify command doesn't care about private keys, but some changed characters
> in it will break it, too.
> Is there an easier option to let Apache deny all SSL requests for the
> broken file's VirtualHost, and otherwise ignore the error? At least it
> should not fail completely, that's a too drastic measure that cannot be
> handled reasonably in an automatic way.
> --
> Yves Goergen
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View raw message