httpd-users mailing list archives

From "Scott (firstclasswatches.co.uk)" <scott.lu...@firstclasswatches.co.uk>
Subject Re: [users@httpd] Ignore SSL key/certificate errors
Date Thu, 08 Jan 2015 19:59:49 GMT
Found the below online. You should be able to run that to give you a good
idea that nothing has been tampered with before allowing it into the config.

----- If everything matches (same modulus), the files are compatible. If
not, one of the files is not linked to the others.

openssl rsa -noout -modulus -in FILE.key
openssl req -noout -modulus -in FILE.csr
openssl x509 -noout -modulus -in FILE.cer


Kind Regards,

Scott

First Class Watches
9 Warwick Road
Kenilworth
CV8 1HD
Warwickshire
United Kingdom

On 8 January 2015 at 19:25, Yves Goergen <nospam.list@unclassified.de>
wrote:

> Hello,
>
> Currently, when I configure Apache web server for SSL and provide a broken
> file for the key or certificate, the server fails to start completely.
> Since I want to allow other users of my web server to upload their own
> key/cert files for their VirtualHosts, I need to thoroughly verify these
> files to prevent a failure of the entire web server.
>
> Unfortunately, I don't know how I can do that verification. OpenSSL's
> verify command doesn't care about private keys, but some changed characters
> in it will break it, too.
>
> Is there an easier option to let Apache deny all SSL requests for the
> broken file's VirtualHost, and otherwise ignore the error? At least it
> should not fail completely; that's too drastic a measure that cannot be
> handled reasonably in an automatic way.
>
> --
> Yves Goergen
> http://unclassified.software
>
>
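
The modulus comparison from the reply above, wrapped as a pre-flight check that could run before an uploaded pair is referenced from a VirtualHost. This is an added example, not part of either message and not Apache or OpenSSL code; the function name check_tls_pair and its return codes are assumptions, and it covers RSA keys only, as the commands in the reply do.

```shell
#!/bin/sh
# Added example: pre-flight check for an uploaded RSA key/certificate pair.
# check_tls_pair and its return codes are hypothetical names chosen here.
#   0 = usable pair
#   1 = key unreadable, inconsistent or passphrase-protected
#   2 = certificate unreadable
#   3 = both files parse, but the key does not belong to the certificate
# Usage: check_tls_pair /path/to/upload.key /path/to/upload.crt
check_tls_pair() {
    key=$1
    cert=$2

    # "-check" tests the key's internal consistency. The exit status alone is
    # not relied on: success is taken from the "RSA key ok" line it prints.
    # "-passin pass:" and stdin from /dev/null make an encrypted key fail
    # here instead of prompting for a passphrase.
    openssl rsa -check -noout -passin pass: -in "$key" </dev/null 2>/dev/null \
        | grep -q 'RSA key ok' || return 1

    # The certificate must at least parse as X.509.
    openssl x509 -noout -in "$cert" </dev/null >/dev/null 2>&1 || return 2

    # Same comparison as the commands in the reply: an identical modulus
    # means the key and the certificate belong together.
    key_mod=$(openssl rsa -noout -modulus -passin pass: -in "$key" \
        </dev/null 2>/dev/null) || return 1
    cert_mod=$(openssl x509 -noout -modulus -in "$cert" \
        </dev/null 2>/dev/null) || return 2

    [ -n "$key_mod" ] && [ "$key_mod" = "$cert_mod" ] || return 3
    return 0
}
```

A non-zero result means the upload should be rejected and the existing configuration left untouched.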
