Let’s Encrypt is an incredible, FREE service that allows you to get trusted SSL certificates for your website. The certs expire every 90 days, but there are a lot of tools for auto-renewing the certificate without you ever having to touch anything on your server… until that process breaks.

Case in point: if you are running Drupal 7 and using the Apache Rewrite module (you should be…), the default .htaccess file supplied with Drupal 7 core blocks all access to hidden folders (folders that start with a “.”). This is a problem for Let’s Encrypt because the auto-renew process generates a temporary key file that gets placed in a hidden folder on your web server, and the Let’s Encrypt system has to be able to reach it publicly (on port 80) in order to validate your server and fulfill your renewal request. Thankfully, another member of the Drupal community has already written the rewrite condition rule that needs to be placed in your .htaccess file to allow access to just the hidden folder required by Let’s Encrypt.

Last year Google proposed marking any and all sites not using SSL in a negative fashion in its Chrome browser. This year they are indicating they plan on moving forward with this:

Google Chrome gets ready to mark all HTTP sites as ‘bad’

To clarify what this means for small content creators… an extra ~$100+ a year for hosting a website, not to mention SSL adds a layer of complexity to the hosting.

I will try to keep this short and to the point.

If you work in a Windows/Linux mixed environment, you may come across a scenario where you need to move SSL certificates and private keys from a Windows server using IIS to Linux running Apache or similar.

Windows and Linux tend to use two different key formats, and this can make things tricky. Today I want to briefly write down and share the commands you can run using the OpenSSL framework to convert a Windows PFX-formatted exported certificate into something Apache can use.

I have been using PowerShell to automate Internet Explorer interactions with a web application with a login page in our internal environment at work. I ran into an issue with my script because the page I was trying to access was secured with SSL and we were using a self-signed certificate. This causes Internet Explorer to redirect to a warning page rather than going straight to the site. I needed a way to bypass this warning page in code and I finally came up with a solution I am sharing here.

Normally I dive into articles like this with an assumption that people know everything I am talking about. This will be a bit different because on this topic I feel pretty green myself. As this is a fresh subject for me, I am going to treat it as a fresh subject for you. That being said, we are actually going to be working with a somewhat complex script by the time we are done, and if you pick up most of the concepts along the way you are going to be off at a sprint with PowerShell scripting.

In this article, let us review how to generate private key file (server.key), certificate signing request file (server.csr) and webserver certificate file (server.crt) that can be used on Apache server with mod_ssl.

Source: How To Generate SSL Key, CSR and Self Signed Certificate For Apache

The above-linked article is an excellent, to-the-point overview of generating SSL keys on a Linux server. It covers generating a CSR (certificate signing request) that can be sent to a third-party cert authority to get yourself a full-fledged certificate file, as well as generating a self-signed certificate (often used for testing but handy for a myriad of other things…).

I would also recommend you take a look at this link if you need to generate a key without a passphrase: http://serverfault.com/questions/366372/is-it-possible-to-generate-rsa-key-without-pass-phrase
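
The three files described above, generated and then cross-checked, as an added example that is not code from the linked article or the Server Fault answer. The file names follow the post; the CN, the 2048-bit key size and the 365-day lifetime are assumptions.

```shell
#!/bin/sh
# Added example. File names follow the post (server.key, server.csr, server.crt);
# the CN, key size and certificate lifetime are assumptions.

# Create an unencrypted RSA key, a CSR and a self-signed certificate in dir $1.
make_key_csr_cert() {
    dir=$1; cn=$2
    # Subshell with a tight umask so the key file is created owner-only.
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" || return 1
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# True if the key exists and has no passphrase (no ENCRYPTED marker in the PEM).
key_is_unencrypted() {
    [ -s "$1/server.key" ] && ! grep -q 'ENCRYPTED' "$1/server.key"
}

# True if key, CSR and certificate all carry the same public key.
files_match() {
    k=$(openssl pkey -in "$1/server.key" -pubout 2>/dev/null) || return 1
    r=$(openssl req -in "$1/server.csr" -noout -pubkey 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1/server.crt" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# True if the certificate is self-signed (subject equals issuer).
is_self_signed() {
    s=$(openssl x509 -in "$1/server.crt" -noout -subject -nameopt RFC2253) || return 1
    i=$(openssl x509 -in "$1/server.crt" -noout -issuer -nameopt RFC2253) || return 1
    [ "${s#subject=}" = "${i#issuer=}" ]
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
make_key_csr_cert "$demo_dir" "test.example.internal" &&
    key_is_unencrypted "$demo_dir" && files_match "$demo_dir" &&
    is_self_signed "$demo_dir" && echo "key, CSR and certificate are consistent"
rm -rf "$demo_dir"
```

A key without a passphrase lets Apache start unattended, so file permissions are the only thing protecting it; keep server.key readable by its owner alone.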

Enjoy!