How to enable Public Key Pinning Extension for HTTP (HPKP) on Apache2. HPKP tries to detect MITM attacks with valid certificates. The first time a browser visits an HPKP-enabled website, it stores the hash of the public key. For all subsequent TLS connections, the received key is checked against the stored key.
How to enable HPKP on Apache2?
Calculate the sha256 hash for the public key
In this example I’m using the certificate as a base to extract the public key.
$ openssl x509 -in www_rivy_org.crt -pubkey -noout | openssl rsa -pubin -outform der | openssl dgst -sha256 -binary | base64
writing RSA key
VhFYptFYvVRv1KVvcUg3EfHvv15wkBFpRU332RNC2sM=
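The following is an added example, not part of the original post: it generalizes the pipeline above to any key type by using `openssl pkey` instead of `openssl rsa`, and cross-checks the pin taken from the certificate against the pin taken from the private key, so a pin computed from the wrong file is caught before it is deployed. The function names are hypothetical, the openssl CLI is assumed to be installed, and the key and certificate are throwaway test data generated on the fly.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Requires the openssl CLI.

# PEM public key on stdin -> base64(SHA-256(DER SubjectPublicKeyInfo)).
pem_to_pin() {
    openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64
}

# Pin of the key inside a PEM certificate; fails if the file cannot be read.
pin_from_cert() {
    pub=$(openssl x509 -in "$1" -pubkey -noout) || return 1
    printf '%s\n' "$pub" | pem_to_pin
}

# Same pin computed from the PEM private key, without any certificate.
pin_from_key() {
    pub=$(openssl pkey -in "$1" -pubout) || return 1
    printf '%s\n' "$pub" | pem_to_pin
}

# Succeeds only if the certificate carries the public half of the key file.
pins_match() {
    a=$(pin_from_cert "$1") && b=$(pin_from_key "$2") && [ "$a" = "$b" ]
}

# Constructed test data: throwaway key + self-signed cert in directory $1.
# Remaining arguments are key options passed to `openssl req`.
make_sample() {
    dir=$1; shift
    openssl req -x509 -nodes -days 1 -subj "/CN=pin-demo.invalid" "$@" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# Generate a sample, cross-check cert against key, print the pin on success.
check_sample() {
    tmp=$(mktemp -d) || return 1
    make_sample "$tmp" "$@" &&
        pins_match "$tmp/cert.pem" "$tmp/key.pem" &&
        pin_from_cert "$tmp/cert.pem"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

echo "RSA pin: $(check_sample -newkey rsa:2048)"
echo "EC pin:  $(check_sample -newkey ec -pkeyopt ec_paramgen_curve:prime256v1)"
```

Because the pin is derived from the public key only, a certificate reissued for the same key yields the same pin.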