1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

How enable HPKP and CAA DNS

Discussion in 'Apache' started by lepass, May 24, 2017.

  1. #1
    Hello

    I am trying enable HPKP for my ssl certificates adding code generated in ssh (with errors) in htacces and I can´t calculate the right sha256 for the public key because I receive errors due to wrong route path.
    I followed this tutorial trying many options (.key, .pem, .crs, .crt) adding code from ssh like openssl x509 -in www_mywebsite_fr.crt -pubkey -noout | openssl rsa -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64 but I received next errors:
    Error opening Certificate www_mywebsite_fr.crt
    139985532938144:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('www_mywebsite_fr.crt','r')
    139985532938144:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
    
    unable to load Public Key
    140468587530144:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: PUBLIC KEY
    Code (markup):
    I checked in etc/ssl/certs for try add code from this path and here only i can see "localhost.crt" and I am searching one of my two websites certificates www_mysite_fr.crt

    Question 1
    Where is located route/path of certficates installed from plesk in Centos 7 and apache 2.4.6 ?
    Is this error displayed due to an incorrect route when I add code by ssh to show publick key or could be due to another problem?

    Question 2
    How can I enable DNS CAA when I have full website in https ? Any work to do from dns plesk or tip for add in htacces?

    Best regards and thank you very much
     
    lepass, May 24, 2017 IP