
Apache

SSL

Newer versions of apache2 expect the certificate chain in a single file instead of separate files:

cat /etc/apache2/ssl/cert.crt /etc/apache2/ssl/intermediate.crt > /etc/apache2/ssl/chain.crt

Common SSL-Cert config for all vhosts in 000-default:

# cert-file:
# SSLCertificateFile /etc/apache2/ssl/cert.crt
# replaced by chain-file:
SSLCertificateFile /etc/apache2/ssl/chain.crt
# the self-generated private key file associated with the certificate,
# generated via: $ openssl genrsa -out domain.privatekey 2048
# The CSR (Certificate Signing Request) for this private key was generated via:
# $ openssl req -new -key domain.privatekey -out domain.csr   (then uploaded to the cert registry)
SSLCertificateKeyFile /etc/apache2/ssl/domain.privatekey
# DEPRECATED:
# now SSLCertificateFile contains the chain of rapidssl-intermediate and domain crt - see above!
# SSLCertificateChainFile /etc/apache2/ssl/rapidssl_intermediate.crt

Check your certs:

Cert trusted by CA?

openssl verify -CAfile intermediate.crt cert.crt

Private key OK? Both commands should return the same value:

openssl x509 -noout -modulus -in certificate.crt
openssl rsa -noout -modulus -in private.key
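
The modulus comparison above only works for RSA keys and does not show which certificate in chain.crt was checked. As an added example (not from the original page), this script compares public keys instead and catches a chain file built in the wrong order; the function names and the throwaway sample certificates created by make_sample are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: confirm that the FIRST certificate
# in an Apache chain file belongs to the configured private key.

# Public key of the first certificate in a PEM file. "openssl x509" reads only
# the first PEM block, so for chain.crt this is the cert that was listed first.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key derived from a private key. "openssl pkey" handles RSA and EC
# keys, unlike the RSA-only modulus comparison.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Number of certificates in a PEM bundle.
count_certs() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# Returns 0 if chain file $1 starts with the certificate for key $2,
# 1 on mismatch (wrong key, or intermediate listed first), 2 if unreadable.
chain_matches_key() (
    cert_pub=$(cert_pubkey "$1") || { echo "cannot read certificate: $1" >&2; exit 2; }
    key_pub=$(key_pubkey "$2") || { echo "cannot read private key: $2" >&2; exit 2; }
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# Constructed sample input: two throwaway self-signed certs stand in for the
# domain cert and the intermediate (hypothetical names, valid for one day).
make_sample() (
    for n in leaf inter; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$n.example" \
            -keyout "$1/$n.key" -out "$1/$n.crt" 2>/dev/null || exit 1
    done
    cat "$1/leaf.crt" "$1/inter.crt" > "$1/chain.crt"     # order used on this page
    cat "$1/inter.crt" "$1/leaf.crt" > "$1/reversed.crt"  # wrong order
)

# Usage: sh check_chain.sh /etc/apache2/ssl/chain.crt /etc/apache2/ssl/domain.privatekey
if [ "$#" -eq 2 ]; then
    chain_matches_key "$1" "$2" && echo "OK: $1 matches $2 ($(count_certs "$1") certs)"
fi
```

A non-zero exit for a chain file whose certificates are otherwise valid usually means the intermediate was concatenated before the domain certificate.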

Block Bots

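This line in apache2.conf or httpd.conf blocks the User-Agent EvilBotName:

SetEnvIfNoCase User-Agent "EvilBotName" BlockedAgent

On its own the directive only sets the environment variable BlockedAgent for matching requests; the block takes effect once an access rule denies requests that carry that variable.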

 
linux/webserver/apache.txt · Last modified: 2019/06/04 12:43 by tkilla