I will try to keep this short and to the point. If you work in a Windows/Linux mixed environment, you may come across a scenario where you need to move SSL certificates and private keys from a Windows server using IIS to Linux running Apache or similar. Windows and Linux tend to use two different […]

In this article, let us review how to generate private key file (server.key), certificate signing request file (server.csr) and webserver certificate file (server.crt) that can be used on Apache server with mod_ssl. Source: How To Generate SSL Key, CSR and Self Signed Certificate For Apache. The above linked article is an excellent overview that […]

Read about it in more detail here on Red Hat’s site. This vulnerability affects all applications using certain versions of OpenSSL, so this is a cross-platform issue. This isn’t nearly as atrocious as Heartbleed was, as there isn’t a chance of leaking your private keys. However, if you use Qualys labs’ excellent SSL web scanner to […]

Free penetration testing tools abound. Free, easy-to-use penetration testing tools… not as much. Free, easy-to-use, web-hosted penetration testing tools, rarer still. I came across an excellent, web-hosted Nmap port scanning tool and I wanted to make sure I linked it here in case I needed it again in the future. Without further ado… https://pentest-tools.com/discovery-probing/tcp-port-scanner-online-nmap I […]

I have already discussed Heartbleed in detail and have provided instructions on how to close the hole on affected servers. Now that the hole is closed, the final step is changing your server’s private key and “re-keying” your SSL certificates. Re-keying simply involves creating a new certificate signing request and sending it to your (most […]

Heartbleed was a major vulnerability in the SSL protocol used by many, many sites and services. Folks have been scrambling to patch it up quickly since it was announced a few days prior. If you are in the process of doing just that for yourself or your organization, you might be so busy fixing websites […]

The Heartbleed bug is what I would professionally classify as seriously scary stuff. Basically there is some kind of heartbeat functionality built into OpenSSL. Often, in tech talk, this kind of thing is used for remote service monitoring (i.e. if I have a pulse my service is at least up). In this case, I am […]