Author Archives

• Adding Custom Root CA Certificates to Debian

  By GrumpyTechie on February 25, 2020 • ( 0 )

  

  Adding custom root CA certificates to Debian is rather easy, but there are some non-obvious pitfalls that you might encounter. Here I’ve tried to collect most things to a single post for your convenience. Adding Custom Root CA Certificates Debian… Read More ›

• Office 365 – Changing User’s Principal Name

  By GrumpyTechie on February 13, 2020 • ( 0 )

  

  A quite common occurrence for IT admins is that people change their names, and thus need their username to reflect this change. In the good ol’ days, this wasn’t an issue, just change their name in AD in 15 different… Read More ›

• Fixing SSL Labs Grade on F5 Big-IP – Enabling HSTS

  By GrumpyTechie on November 25, 2019 • ( 0 )

  

  This week, we’re going for the gold medal, that sweet sweet A+ grade on Qualys SSL Labs. And to achieve this lofty goal of ours, we’ll need to enable one thing, HSTS. This is no small task, and for the… Read More ›

• Fixing SSL Labs Grade on F5 Big-IP – Custom Cipher Groups

  By GrumpyTechie on November 18, 2019 • ( 0 )

  

  As promised in my last post on F5 load-balancers, this weeks issue of the never-ending guide on how to keep your F5 Big-IPs in the good graces of Qualys SSL Labs will deal with TLSv1.3 demanding that we use cipher… Read More ›

• Fixing SSL Labs Grade on F5 Big-IP – Enabling TLSv1.3

  By GrumpyTechie on November 12, 2019 • ( 1 )

  

  In my last post on F5 load-balancers, we disabled TLS v1 and v1.1 as a preemptive measure as SSL Labs is going to start capping your grade to B if you’re caught supporting these protocols after January 2020. In this… Read More ›

• Fixing SSL Labs Grade on F5 Big-IP – Disabling TLSv1 and TLSv1.1

  By GrumpyTechie on October 31, 2019 • ( 6 )

  

  So, it’s again time to start worrying about your SSL Labs grade. Coming January 2020, any site still supporting TLSv1 and TLSv1.1 will have their grade capped to B. As we all know, this is unacceptable, so we’ll once again… Read More ›

• Adding SANs to Let’s Encrypt Certificates – LE Series Part 2

  By GrumpyTechie on September 20, 2019 • ( 0 )

  

  As we already went through in part 1 of this series, requesting certificates using Let’s Encrypt and certbot is rather easy. Today we’re going to look at how you can request certificates with multiple Subject Alternative Names, or SANs for… Read More ›

• Enabling HTTP/2 on NGINX – NGINX Tricks Part 3

  By GrumpyTechie on September 12, 2019 • ( 0 )

  

  As you might have heard, there’s a new version of HTTP out there that’s far superior to HTTP/1.1. I won’t go into what exactly has changed in HTTP/2, but it’s faster and more secure, and allows for some even more… Read More ›

• Implementing HTTP 418 Errors on NGINX – NGINX Tricks Part 2

  By GrumpyTechie on September 5, 2019 • ( 1 )

  

  A year or so ago I got intrigued about how to “properly” implement custom HTTP errors on NGINX after watching this rather funny DEFCON talk. The speaker talks about returning “weird” HTTP codes since browsers usually seem to display anything… Read More ›

• Redirecting IP Traffic to HTTPS – NGINX Tricks Part 1

  By GrumpyTechie on August 26, 2019 • ( 1 )

  

  Lately I had a peculiar issue, I wanted to secure a web server running NGINX with HTTPS using Let’s Encrypt, but almost all traffic to said web server request the web page using the IP address of the server, since… Read More ›