{"id":4399,"date":"2019-07-25T15:23:24","date_gmt":"2019-07-25T15:23:24","guid":{"rendered":"https:\/\/tst-amo.net.ua\/blog\/?p=4399"},"modified":"2019-07-25T15:34:08","modified_gmt":"2019-07-25T15:34:08","slug":"apache-%d0%b2%d0%ba%d0%bb%d1%8e%d1%87%d0%b0%d0%b5%d0%bc-ocsp-%d0%b8-hsts","status":"publish","type":"post","link":"https:\/\/tst-amo.net.ua\/blog\/?p=4399","title":{"rendered":"Apache: enabling OCSP and HSTS"},
"content":{"rendered":"<h3>OCSP<\/h3>\n<p>Stapling is enabled globally by uncommenting these lines:<\/p>\n<pre># ee \/usr\/local\/etc\/apache24\/extra\/httpd-ssl.conf\r\n\r\n# Enable stapling for all SSL-enabled servers:\r\nSSLUseStapling On\r\nSSLStaplingCache \"shmcb:\/var\/run\/ssl_stapling(32768)\"\r\nSSLStaplingStandardCacheTimeout 3600<\/pre>\n<p>or individually for each virtual host, in .\/extra\/httpd-vhosts.conf or in the files under .\/Includes\/ (SSLStaplingCache stays in the global server config, because Apache rejects it inside a virtual host):<\/p>\n<pre># SSLStaplingCache is valid only in the global server config, so it is set outside &lt;VirtualHost&gt;\r\nSSLStaplingCache \"shmcb:\/var\/run\/ssl_stapling(32768)\"\r\n\r\n&lt;VirtualHost _default_:443&gt;\r\n # General setup for the virtual host\r\n DocumentRoot \"\/usr\/local\/www\/apache24\/data\"\r\n ServerName mail.domen.ua:443\r\n ServerAdmin postmaster@domen.ua\r\n ErrorLog \"\/var\/log\/httpd-error.log\"\r\n TransferLog \"\/var\/log\/httpd-access.log\"\r\n\r\n # SSL Engine Switch:\r\n # Enable\/Disable SSL for this virtual host.\r\n SSLEngine on\r\n ...\r\n SSLUseStapling On\r\n...\r\n&lt;\/VirtualHost&gt;<\/pre>\n<p>Check the result on <a href=\"https:\/\/www.ssllabs.com\/ssltest\">www.ssllabs.com<\/a>, <a href=\"https:\/\/www.digicert.com\/help\/\">www.digicert.com<\/a>, or from the console:<\/p>\n<pre>% openssl s_client -connect mail.imp.kiev.ua:443 -tls1 -tlsextdebug -status \r\n\r\nOCSP response: \r\n======================================\r\nOCSP Response Data:\r\n     OCSP Response Status: <span style=\"color: #ff0000;\">successful<\/span> (0x0)\r\n     Response Type: <span style=\"color: #ff0000;\">Basic OCSP Response<\/span>\r\n     Version: 1 (0x0)\r\n     Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3\r\n     Produced At: Jul 22 22:37:00 2019 GMT\r\n     Responses:\r\n     Certificate ID:\r\n       Hash Algorithm: sha1\r\n       Issuer Name Hash: 7EED44DAAB3FCF8A220646C16A09AD71085D\r\n       Issuer Key Hash: A84A6A63047DDDBAE6D139B7D44DAEFF3A8ECA1\r\n       Serial Number: 03F102AA63047DDDBAE6DA7043D44DA589\r\n     Cert Status: <span style=\"color: #ff0000;\">good<\/span>\r\n     This Update: Jul 22 22:00:00 2019 GMT\r\n     Next Update: Jul 29 22:00:00 2019 GMT<\/pre>\n<h3>HSTS<\/h3>\n<p>Add this line to extra\/httpd-vhosts.conf:<\/p>\n<pre>&lt;VirtualHost *:443&gt;\r\n ...\r\n ## HSTS\r\n Header always set Strict-Transport-Security \"max-age=63072000; includeSubdomains;\"\r\n&lt;\/VirtualHost&gt;<\/pre>\n<p>A redirect from http to https must also be configured:<\/p>\n<pre># ee 
extra\/httpd-vhosts.conf<\/pre>\n<pre>&lt;VirtualHost *:80&gt;\r\n ServerName mail.domen.ua\r\n RewriteEngine On\r\n RewriteCond %{HTTPS} off\r\n RewriteRule (.*) https:\/\/%{HTTP_HOST}%{REQUEST_URI} [R=301,L]\r\n&lt;\/VirtualHost&gt;<\/pre>\n<p>Check the result on <a href=\"https:\/\/www.ssllabs.com\/ssltest\">www.ssllabs.com<\/a>.<\/p>\n","protected":false},
"excerpt":{"rendered":"<p>OCSP Stapling is enabled globally by uncommenting these lines: # ee \/usr\/local\/etc\/apache24\/extra\/httpd-ssl.conf # Enable stapling for all SSL-enabled servers: SSLUseStapling On SSLStaplingCache &#8220;shmcb:\/var\/run\/ssl_stapling(32768)&#8221; SSLStaplingStandardCacheTimeout 3600 or individually for each virtual host, in .\/extra\/httpd-vhosts.conf or in the files under .\/Includes\/: &lt;VirtualHost _default_:443&gt; # General setup for the virtual host DocumentRoot &#8220;\/usr\/local\/www\/apache24\/data&#8221; ServerName mail.domen.ua:443 ServerAdmin postmaster@domen.ua ErrorLog &#8220;\/var\/log\/httpd-error.log&#8221; TransferLog &#8220;\/var\/log\/httpd-access.log&#8221; &#8230;<\/p>\n<p><a href=\"https:\/\/tst-amo.net.ua\/blog\/?p=4399\" class=\"more-link\">Continue reading &lsquo;Apache: enabling OCSP and HSTS&rsquo; &raquo;<\/a><\/p>\n","protected":false},
"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,50,293,7,292,246,36],"tags":[],"class_list":["post-4399","post","type-post","status-publish","format-standard","hentry","category-apache","category-freebsd","category-hsts","category-mail","category-ocsp","category-web","category-www"],"_links":{"self":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/4399"}],"collection":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4399"}],"version-history":[{"count":3,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/4399\/revisions"}],"predecessor-version":[{"id":4403,"href":"https:\/\/tst-amo.net.ua\/blog\/index
.php?rest_route=\/wp\/v2\/posts\/4399\/revisions\/4403"}],"wp:attachment":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4399"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4399"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4399"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}