Requesting SSL Certificates can be a bit of a hassle, so today I’m going to show you how to easily generate SSL certificates with the help of OpenSSL and your CA of choice.
Internet
Disabling Insecure Ciphers on NGINX – NGINX Tricks Part 4
HTTPS is everywhere these days, but not many people think that much about which cipher suites are considered safe. Cipher suites determines what encryption algorithms are used to secure the communication over HTTPS, and as time goes on older cipher… Read More ›
Enabling HTTP/2 on NGINX – NGINX Tricks Part 3
As you might have heard, there’s a new version of HTTP out there that’s far superior to HTTP/1.1. I won’t go into what exactly has changed in HTTP/2, but it’s faster and more secure, and allows for some even more… Read More ›
Implementing HTTP 418 Errors on NGINX – NGINX Tricks Part 2
A year or so ago I got intrigued about how to “properly” implement custom HTTP errors on NGINX after watching this rather funny DEFCON talk. The speaker talks about returning “weird” HTTP codes since browsers usually seem to display anything… Read More ›
Redirecting IP Traffic to HTTPS – NGINX Tricks Part 1
Lately I had a peculiar issue, I wanted to secure a web server running NGINX with HTTPS using Let’s Encrypt, but almost all traffic to said web server request the web page using the IP address of the server, since… Read More ›
Getting started with Let’s Encrypt & Certbot – LE Series Part 1
I’ve been enjoying myself immensely playing around with Let’s Encrypt these last few days, and discovered a couple solution to common problems and issues, so I thought I’d make a small guide mostly for my own reference on how to… Read More ›
Fixing SSL Labs Grade on F5 Big-IP – ECDH public server param reuse
As you might have noticed from the title, this is a bit of a weird one. In our last installment we managed to get our grade up to A from B finally, and while we’re not mounting our final assault… Read More ›
Fixing SSL Labs Grade on F5 Big-IP – Certificate Chains
Today I’m starting a new series, which has the working title of “Fixing SSL Labs Grade on F5 Big-IP Load Balancers” which is a series on fixing the most common SSLLabs.com grade issues (We all want that A+, am I right?) when… Read More ›
Finally, a Way to Fix IIS SSL/TLS Support!
If you’ve managed HTTPS sites for any time, you’ve probably come across Qualys SSL Labs, which allows you to check that your certificates are installed correctly, and also check that your server is configured correctly. It also has the habit… Read More ›
How to Configure CAA Records for Your Domain
In a quite recent event, the CA/Browser Forum decided that there’s a need for a way for CAs (Certificate Authorities) to check if they are allowed to issue certificates for a certain domain. And in a even more recent move,… Read More ›