Test an SSL certificate before installation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

I'd like to let my users install their own SSL certificates through a web interface for self-management services. If a user provides a malicious certificate, the entire server will fail to start and the whole system is down. This is a bit hard but that's how it is.

So I'll have to make sure the certificate and key are usable by apache before generating the config that will use it.

I could run basic checks like let openssl parse it. But I've managed to break my test server by providing it a perfectly working certificate and key - from an old domain from 2016. The server complained with this message:

> SSL Library Error: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

That's from my letsencrypt archives. A newer one of the same domain from 2018 works just fine on the same new dev server. So there are obviously circumstances that let apache fail on the certificate that I can't fully analyse.

Is there a method to have apache check that certificate and key in advance, considering its usual configuration, before I expect it to use the certificate? I don't want to let it try out the file on a production system, and learn about an unsupported certificate by a web server that's down. There has to be a smarter way to handle this.

-Yves

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux