{"id":9225,"date":"2017-04-18T08:44:04","date_gmt":"2017-04-18T06:44:04","guid":{"rendered":"https:\/\/thecamels.org\/bezpieczna-konfiguracja-ssl-serwerze-apache\/"},"modified":"2021-01-13T10:45:16","modified_gmt":"2021-01-13T09:45:16","slug":"secure-ssl-configuration-on-apache-server","status":"publish","type":"post","link":"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/","title":{"rendered":"Secure SSL configuration on Apache server"},"content":{"rendered":"\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\"><p class=\"ez-toc-title\" style=\"cursor:inherit\">Spis tre\u015bci<\/p>\n<\/div><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/#generation-of-certificates\" >Generation of certificates<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/#generation-of-a-certificate-from-an-external-vendor\" >Generation of a certificate from an external vendor<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/#generation-of-self-signed-certificate\" >Generation of self-signed certificate<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/#ssl-settings\" >SSL Settings<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/#strict-transport-security\" >Strict Transport Security<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/#ssl-compression-and-crime-attack\" >SSL compression and CRIME attack<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/#ssl-settings-generator\" >SSL settings generator<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/#verification-of-ssl-settings\" >Verification of SSL settings<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/#mandatory-verification-of-caa-records\" >Mandatory verification of CAA records<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"generation-of-certificates\"><\/span>Generation of certificates<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>SSL certificates for over 20 years have been the basic component of a properly configured website hosting service. A critical parameter determining the strength of SSL encryption is the length of the keys used. The longer it is, the more difficult it is to decrypt the transmission between two computers without a dedicated key. Currently recommended asymmetric key length is 2048 bits. SSL certificates <a href=\"https:\/\/thecamels.org\/en\/ssl-certificates\/\"><span>purchased from us<\/span><\/a> meet these requirements.<\/p>\n\n\n\n<!--more-->\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"generation-of-a-certificate-from-an-external-vendor\"><\/span>Generation of a certificate from an external vendor<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A command can be used to (correctly) generate requests for a certificate (CSR &#8211; Certificate Sign Request) compliant with the applicable standards:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>openssl req -sha256 -new -nodes -newkey rsa:2048 -out \/etc\/pki\/tls\/certs\/www.example.com.csr -keyout \/etc\/pki\/tls\/private\/www.example.com.key<\/code><\/pre>\n\n\n\n<p>It generates two files &#8211; <strong>a private key file<\/strong> (used to decrypt messages) and a CSR file from which we can generate a public key file (used to encrypt messages). CSR enables us to generate <strong>a public key<\/strong> from external providers such as Comodo, RapidSSL, Go Daddy, etc. If we are not a <strong>CA (Certificate Authority)<\/strong>, it is the only way to be able to have a &#8220;trusted certificate&#8221;, i.e. one that is recognized by the user&#8217;s browser and does not display an HTTPS warning (connection not trusted).<\/p>\n\n\n\n<p>The above openssl tool will create a 2048 bit RSA key (<code>-newkey rsa:2048<\/code>) unencrypted (<code>-nodes<\/code>) and a request for a certificate, in PKCS#10 format, with the indication that we want to use an SHA algorithm with a 256-bit key to sign the certificate.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"659\" height=\"264\" src=\"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/SHA-1-warnings.jpg\" alt=\"End of SHA-1 support warning.\" class=\"wp-image-4947\" srcset=\"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/SHA-1-warnings.jpg 659w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/SHA-1-warnings-600x240.jpg 600w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/SHA-1-warnings-300x120.jpg 300w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/SHA-1-warnings-130x52.jpg 130w\" sizes=\"auto, (max-width: 659px) 100vw, 659px\" \/><figcaption>End of SHA-1 support warning &#8211; <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/blog.digicert.com\/ending-trust-sha-1\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><span>source<\/span><\/a><\/figcaption><\/figure><\/div>\n\n\n\n<p>The <strong>-sha256<\/strong> option is particularly important because many certification authorities do not yet have the default setting to sign certificates using <strong>SHA-2<\/strong> &#8211; instead, a weaker SHA-1 algorithm is used, which is currently treated as obsolete (and will soon display a <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/blog.digicert.com\/ending-trust-sha-1\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><span>warning in browsers<\/span><\/a>). The -sha256 option allows us to indicate that we want to use specifically this version of the SHA algorithm to sign our certificate.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"generation-of-self-signed-certificate\"><\/span>Generation of self-signed certificate<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>To generate a self signed certificate, use the command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>openssl req -sha256 -new -x509 -nodes -days 3650 -newkey rsa:2048 -out \/etc\/pki\/tls\/certs\/www.example.com.crt -keyout \/etc\/pki\/tls\/private\/www.example.com.key<\/code><\/pre>\n\n\n\n<p>As in the example above, we create two files, but this time instead of CSR we create a CRT file in which we have our certificate (<strong>-x509<\/strong>), signed by ourselves. This allows us to bypass the verification process and signing the certificate with an external provider (which is usually paid) but, on the other hand, client browsers will not display the connection as trusted (broken HTTPS padlock).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"ssl-settings\"><\/span>SSL Settings<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>In order to further increase the security of our HTTPS server, in addition to the relevant certificates, we can also change the settings of the allowed list of cryptographic ciphers that are used during the exchange of information. The configuration is shown on the example of Apache 2.2 and CentOS operating system.<\/p>\n\n\n\n<p>In order to disable support for old and weak algorithms\/methods of encryption, the file <code>\/etc\/httpd\/conf.d\/ssl.conf<\/code> should be added\/replaced:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>SSLEngine on\nSSLProtocol -All +TLSv1.3\nSSLUseStapling off\nSSLStaplingFakeTryLater off\nSSLStaplingReturnResponderErrors off\nSSLStaplingResponderTimeout 3\nSSLCompression off\nSSLSessionTickets off\nHeader always set X-Content-Type-Options nosniff\nSSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256<\/code><\/pre>\n\n\n\n<p>The above list of SSLCipherSuite and SSLProtocol comes from <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/wiki.mozilla.org\/Security\/Server_Side_TLS#Recommended_configurations\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><span>wiki.mozilla.org<\/span><\/a> and contains the average (<strong>intermediate<\/strong>) security settings. They are the most compatible but still safest, as they disable RC4 algorithm (which has <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/wiki.mozilla.org\/Security\/Server_Side_TLS#RC4_weaknesses\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><span>verified, unrepairable vulnerabilities<\/span><\/a>) and SSLv3 (POODLE attack). The exception in terms of compatibility is Internet Explorer 6.0 under Windows XP and Java 1.6. For the latter platform you can still restore support, creating a rigidly generated <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/www.openssl.org\/docs\/apps\/dhparam.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><span>Diffi-Hellman<\/span><\/a> protocol parameters and add at the end of the main domain certificate:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>openssl dhparam -out \/tmp\/dh.crt 1024\ncat \/tmp\/dh.crt &gt;&gt; \/etc\/pki\/tls\/certs\/www.example.com.crt<\/code><\/pre>\n\n\n\n<p>For a more detailed description of the solution to Java 1.6 please visit <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"http:\/\/httpd.apache.org\/docs\/current\/ssl\/ssl_faq.html#javadh\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><span>httpd.apache.org\/docs<\/span><\/a>.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"1100\" height=\"645\" src=\"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/qualys-ssl-labs-thecamels.org_.png\" alt=\"Qualys SSL Labs\" class=\"wp-image-4948\" srcset=\"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/qualys-ssl-labs-thecamels.org_.png 1100w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/qualys-ssl-labs-thecamels.org_-600x352.png 600w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/qualys-ssl-labs-thecamels.org_-768x450.png 768w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/qualys-ssl-labs-thecamels.org_-960x563.png 960w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/qualys-ssl-labs-thecamels.org_-300x176.png 300w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/qualys-ssl-labs-thecamels.org_-1024x600.png 1024w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/qualys-ssl-labs-thecamels.org_-900x528.png 900w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/qualys-ssl-labs-thecamels.org_-130x76.png 130w\" sizes=\"auto, (max-width: 1100px) 100vw, 1100px\" \/><\/figure><\/div>\n\n\n\n<p>It should also be noted that the above setting does not eliminate the <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"http:\/\/blog.zoller.lu\/2011\/09\/beast-summary-tls-cbc-countermeasures.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><span>BEAST<\/span><\/a> attack vector using TLSv1.2, which, for compatibility reasons, we recommend to leave on, as it is the highest available algorithm in many older programs, e.g. Internet Explorer to ver. 10, Firefox to ver. 26 or Chrome to ver. 21.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"strict-transport-security\"><\/span>Strict Transport Security<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>If possible, add to the same file (<code>ssl.conf<\/code>) as well:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Header always set Strict-Transport-Security \"max-age=63072000; includeSubDomains; preload\"<\/code><\/pre>\n\n\n\n<p>This should be done only if the application supports 100% HTTPS, i.e. it does not try to connect via pure HTTP, e.g. to API or auxiliary servers or subdomains, e.g. CDNs (in this case you can remove the <code>\"includeSubDomains\"<\/code> fragment).<\/p>\n\n\n\n<p><strong>Strict-Transport-Security<\/strong> briefly informs the browser that has received such a header together with reading, for example, the home page of the portal, that the user should remain on an encrypted connection at all times. It protects the user in a situation when someone tries to redirect the user from the website where he is (using HTTPS) to HTTP (using a <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/en.wikipedia.org\/wiki\/Man-in-the-middle_attack\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><span>Man-in-the-middle<\/span><\/a> attack) and in this way tries to read the encrypted transmission.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"ssl-compression-and-crime-attack\"><\/span>SSL compression and CRIME attack<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>It is a good idea to add to <code>\/etc\/sysconfig\/httpd<\/code> as well:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>export OPENSSL_NO_DEFAULT_ZLIB=1<\/code><\/pre>\n\n\n\n<p>This disables compression of encrypted data on the fly, which protects against <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/community.qualys.com\/blogs\/securitylabs\/2012\/09\/14\/crime-information-leakage-attack-against-ssltls\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><span>CRIME<\/span><\/a> attack (in Apache 2.4.3+ this setting can be changed directly in config <code>- SSLCompression<\/code> variable).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"ssl-settings-generator\"><\/span>SSL settings generator<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>If you want to easily prepare a secure configuration for Apache, Nginx or HAProxy servers, you can use a dedicated tool. <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/mozilla.github.io\/server-side-tls\/ssl-config-generator\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><span>Mozilla SSL Configuration Generator<\/span><\/a> allows you to customize the configuration, taking into account the version of our webserver and the version of openssl library used. We are sure that we use the safest possible settings, matching our environment.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"verification-of-ssl-settings\"><\/span>Verification of SSL settings<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>To check the security level of our HTTPS server, you can use one of the many tools available on the network. For example, an application from <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/globalsign.ssllabs.com\/\"><span>Globalsign<\/span><\/a> allows you to test the configuration for many known attacks on the SSL protocol (and not only). It also allows us to check the compatibility of our settings on many different platforms.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"mandatory-verification-of-caa-records\"><\/span>Mandatory verification of CAA records<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>From 8 September 2017 all Certification Authorities are obliged to verify entries in DNS CAA records for the domain for which they want to issue a certificate. In practice, this means that domain owners have the ability to clearly identify which companies can issue a certificate for the domain. The purpose of this is to protect themselves against false certificates. For example, an entry in a domain:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>thecamels.org.\t\t128\tIN\tCAA\t0 issue \"rapidssl.com\"<\/code><\/pre>\n\n\n\n<p>specifies that only RapidSSL has the right to issue a certificate for this domain. Detailed information on the introduced changes is available on the official websites of individual exhibitors.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"1364\" height=\"160\" src=\"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/dns-caa.png\" alt=\"DNS CAA\" class=\"wp-image-4949\" srcset=\"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/dns-caa.png 1364w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/dns-caa-600x70.png 600w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/dns-caa-768x90.png 768w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/dns-caa-960x113.png 960w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/dns-caa-300x35.png 300w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/dns-caa-1024x120.png 1024w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/dns-caa-900x106.png 900w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/04\/dns-caa-130x15.png 130w\" sizes=\"auto, (max-width: 1364px) 100vw, 1364px\" \/><\/figure><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Generation of certificates SSL certificates for over 20 years have been the basic component of a properly configured website hosting service. A critical parameter determining the strength of SSL encryption is the length of the keys used. The longer it is, the more difficult it is to decrypt the transmission between two computers without a&hellip;<\/p>\n","protected":false},"author":1,"featured_media":17239,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[150],"tags":[699,707],"class_list":["post-9225","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-server-administration","tag-servers"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Secure SSL configuration on Apache server<\/title>\n<meta name=\"description\" content=\"Learn how to securely configure an SSL certificate on the Apache server. On our blog we present step by step instructions. Check it out!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Secure SSL configuration on Apache server\" \/>\n<meta property=\"og:description\" content=\"Learn how to securely configure an SSL certificate on the Apache server. On our blog we present step by step instructions. Check it out!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/?utm_source=dark&amp;utm_medium=social&amp;utm_campaign=open-graph\" \/>\n<meta property=\"og:site_name\" content=\"Thecamels.org\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/thecamels.org\/\" \/>\n<meta property=\"article:published_time\" content=\"2017-04-18T06:44:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-01-13T09:45:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/thecamels.org\/wp-content\/uploads\/2017\/04\/OG-Tag-Image-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"627\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Kamil Porembi\u0144ski\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/thecamels.org\/wp-content\/uploads\/2017\/04\/OG-Tag-Image-2.png\" \/>\n<meta name=\"twitter:creator\" content=\"@thecamelsorg\" \/>\n<meta name=\"twitter:site\" content=\"@thecamelsorg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kamil Porembi\u0144ski\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/secure-ssl-configuration-on-apache-server\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/secure-ssl-configuration-on-apache-server\\\/\"},\"author\":{\"name\":\"Kamil Porembi\u0144ski\",\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/#\\\/schema\\\/person\\\/b7bd2aec5f506a68323eb40c86d38a32\"},\"headline\":\"Secure SSL configuration on Apache server\",\"datePublished\":\"2017-04-18T06:44:04+00:00\",\"dateModified\":\"2021-01-13T09:45:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/secure-ssl-configuration-on-apache-server\\\/\"},\"wordCount\":998,\"publisher\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/secure-ssl-configuration-on-apache-server\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/thecamels.org\\\/wp-content\\\/uploads\\\/2017\\\/04\\\/41.png\",\"keywords\":[\"server administration\",\"servers\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/secure-ssl-configuration-on-apache-server\\\/\",\"url\":\"https:\\\/\\\/thecamels.org\\\/en\\\/secure-ssl-configuration-on-apache-server\\\/\",\"name\":\"Secure SSL configuration on Apache server\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/secure-ssl-configuration-on-apache-server\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/secure-ssl-configuration-on-apache-server\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/thecamels.org\\\/wp-content\\\/uploads\\\/2017\\\/04\\\/41.png\",\"datePublished\":\"2017-04-18T06:44:04+00:00\",\"dateModified\":\"2021-01-13T09:45:16+00:00\",\"description\":\"Learn how to securely configure an SSL certificate on the Apache server. On our blog we present step by step instructions. Check it out!\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/secure-ssl-configuration-on-apache-server\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/thecamels.org\\\/en\\\/secure-ssl-configuration-on-apache-server\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/secure-ssl-configuration-on-apache-server\\\/#primaryimage\",\"url\":\"https:\\\/\\\/thecamels.org\\\/wp-content\\\/uploads\\\/2017\\\/04\\\/41.png\",\"contentUrl\":\"https:\\\/\\\/thecamels.org\\\/wp-content\\\/uploads\\\/2017\\\/04\\\/41.png\",\"width\":1200,\"height\":627,\"caption\":\"Bezpieczna konfiguracja SSL na serwerze Apache\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/secure-ssl-configuration-on-apache-server\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"[HOME]\",\"item\":\"https:\\\/\\\/thecamels.org\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blog\",\"item\":\"https:\\\/\\\/thecamels.org\\\/en\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Secure SSL configuration on Apache server\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/thecamels.org\\\/en\\\/\",\"name\":\"Thecamels.org\",\"description\":\"Hosting SSD NVMe z certyfikatem SSL i HTTP\\\/2. Administracja serwerami, skalowanie infrastruktury. Mamy g\u0142ow\u0119 do serwer\u00f3w i zadbamy o Twoj\u0105 stron\u0119 w sieci.\",\"publisher\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/thecamels.org\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/#organization\",\"name\":\"Thecamels\",\"url\":\"https:\\\/\\\/thecamels.org\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/thecamels.org\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/TC-logo-nowe.png\",\"contentUrl\":\"https:\\\/\\\/thecamels.org\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/TC-logo-nowe.png\",\"width\":826,\"height\":106,\"caption\":\"Thecamels\"},\"image\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/thecamels.org\\\/\",\"https:\\\/\\\/x.com\\\/thecamelsorg\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/the-camels\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UC01xYBZbIAApTuPWuqgGE4Q\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/#\\\/schema\\\/person\\\/b7bd2aec5f506a68323eb40c86d38a32\",\"name\":\"Kamil Porembi\u0144ski\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4b2d40949e6453ecdd7663e9a61fac171f31810a28bdc5be0c4d7eca89f41571?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4b2d40949e6453ecdd7663e9a61fac171f31810a28bdc5be0c4d7eca89f41571?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4b2d40949e6453ecdd7663e9a61fac171f31810a28bdc5be0c4d7eca89f41571?s=96&d=identicon&r=g\",\"caption\":\"Kamil Porembi\u0144ski\"},\"description\":\"Architekt systemowy, administrator Linux, a czasem Windows. Lubi tematyk\u0119 security. Obecnie w\u0142a\u015bciciel firmy thecamels.org, zajmuj\u0105cej si\u0119 projektowaniem system\u00f3w o wysokiej dost\u0119pno\u015bci. Zajmuje si\u0119 skalowaniem du\u017cych aplikacji internetowych, wspieraniem startup\u00f3w w kwestiach serwerowych. Po godzinach zajmuje si\u0119 \u017ceglowaniem po morzach, lataniem, fotografi\u0105 i podr\u00f3\u017cami.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Secure SSL configuration on Apache server","description":"Learn how to securely configure an SSL certificate on the Apache server. On our blog we present step by step instructions. Check it out!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/","og_locale":"en_US","og_type":"article","og_title":"Secure SSL configuration on Apache server","og_description":"Learn how to securely configure an SSL certificate on the Apache server. On our blog we present step by step instructions. Check it out!","og_url":"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/?utm_source=dark&utm_medium=social&utm_campaign=open-graph","og_site_name":"Thecamels.org","article_publisher":"https:\/\/www.facebook.com\/thecamels.org\/","article_published_time":"2017-04-18T06:44:04+00:00","article_modified_time":"2021-01-13T09:45:16+00:00","og_image":[{"width":1200,"height":627,"url":"https:\/\/thecamels.org\/wp-content\/uploads\/2017\/04\/OG-Tag-Image-2.png","type":"image\/png"}],"author":"Kamil Porembi\u0144ski","twitter_card":"summary_large_image","twitter_image":"https:\/\/thecamels.org\/wp-content\/uploads\/2017\/04\/OG-Tag-Image-2.png","twitter_creator":"@thecamelsorg","twitter_site":"@thecamelsorg","twitter_misc":{"Written by":"Kamil Porembi\u0144ski","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/#article","isPartOf":{"@id":"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/"},"author":{"name":"Kamil Porembi\u0144ski","@id":"https:\/\/thecamels.org\/en\/#\/schema\/person\/b7bd2aec5f506a68323eb40c86d38a32"},"headline":"Secure SSL configuration on Apache server","datePublished":"2017-04-18T06:44:04+00:00","dateModified":"2021-01-13T09:45:16+00:00","mainEntityOfPage":{"@id":"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/"},"wordCount":998,"publisher":{"@id":"https:\/\/thecamels.org\/en\/#organization"},"image":{"@id":"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/#primaryimage"},"thumbnailUrl":"https:\/\/thecamels.org\/wp-content\/uploads\/2017\/04\/41.png","keywords":["server administration","servers"],"articleSection":["Blog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/","url":"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/","name":"Secure SSL configuration on Apache server","isPartOf":{"@id":"https:\/\/thecamels.org\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/#primaryimage"},"image":{"@id":"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/#primaryimage"},"thumbnailUrl":"https:\/\/thecamels.org\/wp-content\/uploads\/2017\/04\/41.png","datePublished":"2017-04-18T06:44:04+00:00","dateModified":"2021-01-13T09:45:16+00:00","description":"Learn how to securely configure an SSL certificate on the Apache server. On our blog we present step by step instructions. Check it out!","breadcrumb":{"@id":"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/#primaryimage","url":"https:\/\/thecamels.org\/wp-content\/uploads\/2017\/04\/41.png","contentUrl":"https:\/\/thecamels.org\/wp-content\/uploads\/2017\/04\/41.png","width":1200,"height":627,"caption":"Bezpieczna konfiguracja SSL na serwerze Apache"},{"@type":"BreadcrumbList","@id":"https:\/\/thecamels.org\/en\/secure-ssl-configuration-on-apache-server\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"[HOME]","item":"https:\/\/thecamels.org\/en\/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https:\/\/thecamels.org\/en\/blog\/"},{"@type":"ListItem","position":3,"name":"Secure SSL configuration on Apache server"}]},{"@type":"WebSite","@id":"https:\/\/thecamels.org\/en\/#website","url":"https:\/\/thecamels.org\/en\/","name":"Thecamels.org","description":"Hosting SSD NVMe z certyfikatem SSL i HTTP\/2. Administracja serwerami, skalowanie infrastruktury. Mamy g\u0142ow\u0119 do serwer\u00f3w i zadbamy o Twoj\u0105 stron\u0119 w sieci.","publisher":{"@id":"https:\/\/thecamels.org\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/thecamels.org\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/thecamels.org\/en\/#organization","name":"Thecamels","url":"https:\/\/thecamels.org\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/thecamels.org\/en\/#\/schema\/logo\/image\/","url":"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/TC-logo-nowe.png","contentUrl":"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/TC-logo-nowe.png","width":826,"height":106,"caption":"Thecamels"},"image":{"@id":"https:\/\/thecamels.org\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/thecamels.org\/","https:\/\/x.com\/thecamelsorg","https:\/\/www.linkedin.com\/company\/the-camels","https:\/\/www.youtube.com\/channel\/UC01xYBZbIAApTuPWuqgGE4Q"]},{"@type":"Person","@id":"https:\/\/thecamels.org\/en\/#\/schema\/person\/b7bd2aec5f506a68323eb40c86d38a32","name":"Kamil Porembi\u0144ski","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4b2d40949e6453ecdd7663e9a61fac171f31810a28bdc5be0c4d7eca89f41571?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4b2d40949e6453ecdd7663e9a61fac171f31810a28bdc5be0c4d7eca89f41571?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4b2d40949e6453ecdd7663e9a61fac171f31810a28bdc5be0c4d7eca89f41571?s=96&d=identicon&r=g","caption":"Kamil Porembi\u0144ski"},"description":"Architekt systemowy, administrator Linux, a czasem Windows. Lubi tematyk\u0119 security. Obecnie w\u0142a\u015bciciel firmy thecamels.org, zajmuj\u0105cej si\u0119 projektowaniem system\u00f3w o wysokiej dost\u0119pno\u015bci. Zajmuje si\u0119 skalowaniem du\u017cych aplikacji internetowych, wspieraniem startup\u00f3w w kwestiach serwerowych. Po godzinach zajmuje si\u0119 \u017ceglowaniem po morzach, lataniem, fotografi\u0105 i podr\u00f3\u017cami."}]}},"_links":{"self":[{"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/posts\/9225","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/comments?post=9225"}],"version-history":[{"count":5,"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/posts\/9225\/revisions"}],"predecessor-version":[{"id":16464,"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/posts\/9225\/revisions\/16464"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/media\/17239"}],"wp:attachment":[{"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/media?parent=9225"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/categories?post=9225"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/tags?post=9225"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}