Let’s Encrypt is an incredible, FREE service that allows you to get trusted SSL certificates for your website. The certs expire every 90 days, but what is great is that there are a lot of tools for auto-renewing the certificate without you ever having to touch anything on your server… until that process breaks. Case in point: If […]

Last year Google proposed marking any and all sites not using SSL in a negative fashion in its Chrome browser. This year they are indicating they plan on moving forward with this: “Google Chrome gets ready to mark all HTTP sites as ‘bad’”. To clarify what this means for small content creators… an extra ~$100+ […]

I will try to keep this short and to the point. If you work in a Windows/Linux mixed environment, you may come across a scenario where you need to move SSL certificates and private keys from a Windows server using IIS to Linux running Apache or similar. Windows and Linux tend to use two different […]

I have been using PowerShell to automate Internet Explorer interactions with a web application with a login page in our internal environment at work. I ran into an issue with my script because the page I was trying to access was secured with SSL and we were using a self-signed certificate. This causes Internet Explorer […]

In this article, let us review how to generate private key file (server.key), certificate signing request file (server.csr) and webserver certificate file (server.crt) that can be used on Apache server with mod_ssl. Source: How To Generate SSL Key, CSR and Self Signed Certificate For Apache. The above linked article is an excellent overview that […]

Read about it in more detail here on Red Hat’s site. This vulnerability affects all applications using certain versions of OpenSSL, so this is a cross-platform issue. This isn’t nearly as atrocious as Heartbleed was, as there isn’t a chance of leaking your private keys. However, if you use Qualys Labs’ excellent SSL web scanner to […]

In a post-Heartbleed world, implementation of SSL is being scrutinized like never before (at least in my short years of experience in information security). Even though Microsoft/IIS implementations were hardly, if at all, affected by Heartbleed, they do often suffer from other common SSL vulnerabilities. This is particularly true of Microsoft Server 2003 R2 […]