Found the below online. You should be able to run that to give you a good idea that nothing has been tampered with before allowing it into the config.
----- If everything matches (same modulus), the files are compatible. If not, One of the file is not linked to the others. openssl rsa -noout -modulus -in FILE.key openssl req -noout -modulus -in FILE.csr openssl x509 -noout -modulus -in FILE.cer Kind Regards, Scott First Class Watches 9 Warwick Road Kenilworth CV8 1HD Warwickshire United Kingdom On 8 January 2015 at 19:25, Yves Goergen <nospam.l...@unclassified.de> wrote: > Hello, > > Currently, when I configure Apache web server for SSL and provide a broken > file for the key or certificate, the server fails to start completely. > Since I want to allow other users of my web server to upload their own > key/cert files for their VirtualHosts, I need to thoroughly verify these > files to prevent a failure of the entire web server. > > Unfortunately, I don't know how I can do that verification. OpenSSL's > verify command doesn't care about private keys, but some changed characters > in it will break it, too. > > Is there an easier option to let Apache deny all SSL requests for the > broken file's VirtualHost, and otherwise ignore the error? At least it > should not fail completely, that's a too drastic measure that cannot be > handled reasonably in an automatic way. > > -- > Yves Goergen > http://unclassified.software > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
