HPKP with letsencrypt and nginx

Get SPKI-hash

Let’s Encrypt Authority X4

curl https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.pem | openssl x509 -pubkey | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64

Let’s Encrypt Authority X3

curl https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem | openssl x509 -pubkey | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64

ISRG Root X1

curl https://letsencrypt.org/certs/isrgrootx1.pem | openssl x509 -pubkey | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64

Add config to nginx

add_header Public-Key-Pins 'pin-sha256="X4-Hash"; pin-sha256="X3-Hash"; pin-sha256="X1-Hash"; max-age=15768000;';

Reload nginx

nginx -s reload

About
Latest Posts

โซเชียล

Kawin Viriyaprasopsook

System administrator at Zercle Technology Co., Ltd.

System admin กากๆ
รักในการเล่นเกม
ชอบดู Anime ญี่ปุ่น

โซเชียล

Latest posts by Kawin Viriyaprasopsook (see all)

Fix systemd resolved not working (127.0.0.53) - 2019-09-23
Safely remove SATA disk from a running Linux system - 2019-05-24
Update CentOS kernel for deploy Google BBR - 2019-05-10

Kawin Viriyaprasopsook

Latest posts by Kawin Viriyaprasopsook (see all)

Like this:

Related

Leave a Reply Cancel reply

Kawin Viriyaprasopsook

Latest posts by Kawin Viriyaprasopsook (see all)

Share this:

Like this:

Related

Leave a Reply Cancel reply