Re: Ignore SSL key/certificate errors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Found the below online. You should be able to run that to give you a good idea that nothing has been tampered with before allowing it into the config.

----- If everything matches (same modulus), the files are compatible. If not, One of the file is not linked to the others.
openssl rsa -noout -modulus -in FILE.key
openssl req -noout -modulus -in FILE.csr
openssl x509 -noout -modulus -in FILE.cer

Kind Regards,

Scott

First Class Watches
9 Warwick Road
Kenilworth
CV8 1HD
Warwickshire
United Kingdom

On 8 January 2015 at 19:25, Yves Goergen <nospam.list@xxxxxxxxxxxxxxx> wrote:
Hello,

Currently, when I configure Apache web server for SSL and provide a broken file for the key or certificate, the server fails to start completely. Since I want to allow other users of my web server to upload their own key/cert files for their VirtualHosts, I need to thoroughly verify these files to prevent a failure of the entire web server.

Unfortunately, I don't know how I can do that verification. OpenSSL's verify command doesn't care about private keys, but some changed characters in it will break it, too.

Is there an easier option to let Apache deny all SSL requests for the broken file's VirtualHost, and otherwise ignore the error? At least it should not fail completely, that's a too drastic measure that cannot be handled reasonably in an automatic way.

--
Yves Goergen
http://unclassified.software

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux