Saturday, 14th June 2025

Comment on Apache SSLCertificateChainFile adding SSL with Certificate Chain / What is Certificate Chain by admin.

Another useful SSL option is SSLVerifyDepth. It specifies how many levels up the certificate chain should be followed. For example, SSLVerifyDepth 3 means:

| depth 0: the client certificate
| depth 1: the issuer certificate
| depth 2: the issuer’s issuer certificate
| depth 3: the issuer’s issuer’s issuer certificate.

SSLVerifyDepth 0 … only a self-signed client cert is allowed.
SSLVerifyDepth 1 … client cert can be signed by a CA, but this has to be the root CA.
SSLVerifyDepth 2 … client cert can be signed by a CA which itself can be signed by a second CA.

An example of SSLVerifyDepth usage is the Apache config below:

SSLCACertificateFile conf/cert/all.crt
SSLVerifyDepth 3
# For fallback to basic authentication we need optional
SSLVerifyClient optional

ProxyPreserveHost On
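The depth numbering described in the comment above, as an added example that is not part of the original comment or of Apache's code: it walks issuer links from a client certificate through a CA bundle and reports the smallest SSLVerifyDepth that still covers the whole chain. The certificate names are constructed, and matching issuers by subject name only is a simplifying assumption (real validation also checks signatures).

```python
# Constructed sample: (subject, issuer) pairs, as `openssl x509 -noout
# -subject -issuer` would report them for each certificate in a CA bundle.
# All names are made up for illustration.
CA_BUNDLE = [
    ("CN=Example Issuing CA", "CN=Example Policy CA"),
    ("CN=Example Root CA", "CN=Example Root CA"),  # self-signed root
    ("CN=Example Policy CA", "CN=Example Root CA"),
]
CLIENT = ("CN=alice", "CN=Example Issuing CA")


def chain_depths(leaf, bundle):
    """Walk issuer links from the leaf; return [(depth, subject), ...].

    Depth 0 is the client certificate, depth 1 its issuer, and so on.
    Raises ValueError if an issuer is missing from the bundle or the
    issuer links loop without reaching a self-signed certificate.
    """
    by_subject = {subject: (subject, issuer) for subject, issuer in bundle}
    chain, seen, cert = [], set(), leaf
    while True:
        subject, issuer = cert
        if subject in seen:
            raise ValueError(f"issuer loop at {subject!r}")
        seen.add(subject)
        chain.append((len(chain), subject))
        if subject == issuer:  # self-signed: top of the chain
            return chain
        if issuer not in by_subject:
            raise ValueError(f"issuer {issuer!r} not in CA bundle")
        cert = by_subject[issuer]


def min_verify_depth(leaf, bundle):
    """Smallest SSLVerifyDepth that still reaches the top of the chain."""
    return chain_depths(leaf, bundle)[-1][0]


def accepted(leaf, bundle, verify_depth):
    """True if no certificate in the chain sits deeper than verify_depth."""
    return min_verify_depth(leaf, bundle) <= verify_depth


if __name__ == "__main__":
    for depth, subject in chain_depths(CLIENT, CA_BUNDLE):
        print(f"depth {depth}: {subject}")
    for limit in range(4):
        print(f"SSLVerifyDepth {limit}: accepted={accepted(CLIENT, CA_BUNDLE, limit)}")
```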

Recent Comments by admin

Christ is Risen Eastern Orthodox Resurrection Paschal Greeting in Different Languages
Thank you, I’ve included the Georgian Paschal greeting. It was my bad not to include it; it was a gap of mine.


Restrict user to Run one remote Server command only via SSH authorized key passwordless authentication on Linux / UNIX / BSD

Small script to ease SSH key generation

 

#!/bin/bash

# Define the user and group
USER="user"
GROUP="group"
HOME_DIR="/home/$USER"

# Navigate to the user's home directory
cd "$HOME_DIR" || { echo "Failed to navigate to $HOME_DIR"; exit 1; }

# Create the .ssh directory if it does not exist
if [ ! -d ".ssh" ]; then
    mkdir .ssh
    echo ".ssh directory created."
else
    echo ".ssh directory already exists."
fi

# Change ownership of the .ssh directory
chown "$USER:$GROUP" .ssh
echo "Ownership of .ssh directory changed to $USER:$GROUP."

# Navigate to the .ssh directory
cd .ssh || { echo "Failed to navigate to .ssh directory"; exit 1; }

# Create the authorized_keys file if it does not exist
if [ ! -f "authorized_keys" ]; then
    touch authorized_keys
    echo "authorized_keys file created."
else
    echo "authorized_keys file already exists."
fi

# Change ownership of the authorized_keys file
chown "$USER:$GROUP" authorized_keys
echo "Ownership of authorized_keys changed to $USER:$GROUP."

# Generate a new ECDSA key pair; the files keep the id_dsa name
echo "Generating new key pair (id_dsa, id_dsa.pub) with the ECDSA algorithm"
ssh-keygen -t ecdsa -f id_dsa

# Copy the private key into the invoking user's ~/.ssh/ directory
echo "Copying id_dsa to ~/.ssh/ directory"
cp -vrpf id_dsa ~/.ssh/
echo "Copy the id_dsa.pub content to remote server's directory \$HOME/.ssh/authorized_keys and run chmod 600 ~/.ssh/authorized_keys"


Enable automatic updates on CentOS 8, CentOS 9 Stream Linux with dnf-automatic and Cockpit Web GUI package management tool

One good hint: if Cockpit is not accessible in the browser and you have to allow it through the firewall, open the firewall ports (if needed) by executing the following commands:

sudo firewall-cmd --add-service=cockpit --permanent
sudo firewall-cmd --reload


DOOM 1, DOOM 2, DOOM 3 game wad files for download / Playing Doom on Debian Linux via FreeDoom open source doom engine
I don’t really remember 🙂


How to install and use WSL 2 Windows native Linux emulation Debian and Ubuntu Linux on Windows 10 / Windows 11
A nice tip in wsl.conf is that you can enable a bridged network connection if necessary. Simply:

1. Install a new virtual switch using Hyper-V, say wsl-switch.

2. To %userprofile%\.wslconfig add the following (if the file doesn’t exist, create it):

[wsl2]
networkingMode=bridged
vmSwitch=wsl-switch

Now when you restart WSL you will have a bridge session. This has also been known to cure some of the weird network issues seen with WSL where network connectivity stops working, no DNS connectivity – without the need for messing with scripts and config files. YMMV

