Ssl on Janik von Rotz

Configure Let’s Encrypt auto renewal for certificates

Sun, 14 Feb 2016 22:28:26 +0000

This post is part of my Your own Virtual Private Server hosting solution project.
Get the latest version of this article here: https://gist.github.com/ddce334cd8ab21a40941.

Introduction

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. So far it works well and makes it easy to obtain a free certificate. Now the created certificates will expire withing 90 days. This post will show you how you can auto renew these certificates before they expire.

Install Let’s Encrypt and create a free SSL certificate

Fri, 04 Dec 2015 11:23:57 +0000

This post is part of my Your own Virtual Private Server hosting solution project.
Get the latest version of this article here: https://gist.github.com/2e0ee4cf7e04bb75742d.

Introduction

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG). This guide shows you how you can obtain a free SSL certificate.

free SSL for everybody

Mon, 23 Mar 2015 09:09:11 +0000

Let’s Encrypt is the latest initiative by the Internet Security Research Group (ISRG). Their goal is simple, every site on the internet has to be SSL secured.

They want to achieve that by serving an open certificate authority (CA) and also provide a tool to set up a secured site the easiest way possible.

And now the big deal about this, their service is free of charge!

If this is really a thing, it will be a disaster for the SSL economy. As you might know SSL certificates are everything else than cheap. So good luck to every company that relays on selling SSL certificates as their core competence.

How the Heartbleed bug works

Mon, 14 Apr 2014 06:39:22 +0000

This is the most accurate explanation I’ve found so far. Thanks to xkcd.

Open SSL Heartbleed Bug

Wed, 09 Apr 2014 15:25:47 +0000

For those who missed it. The OpenSSL project has recently announced a security vulnerability in OpenSSL affecting versions 1.0.1 and 1.0.2 (CVE-2014-0160).

Details of the bug are available here: The Heartbleed Bug

You can check you website here: Heartbleed test

Details and update instructions from the websites of your Linux vendor of choice:

On Ubuntu the update is simply done by executing these commands:

sudo apt-get update
sudo apt-get upgrade

The following command shows (after an upgrade) all services that need to be restarted.

Nginx SSL website

Thu, 03 Apr 2014 07:54:04 +0000

This post is part of my Your own Virtual Private Server hosting solution project.
Get the latest version of this article here: https://gist.github.com/9408793.

Introduction

This best practice shows you the most advanced SSL configurations for your Nginx website. For productive usage it’s recommended to use only public-signed certificates.

Website Update SSL

Wed, 19 Mar 2014 15:15:21 +0000

Hi visiter,

As you might have already seen, this websites is now accessible over https.

I’ve moved this website to a new custom webserver run by Amazon AWS EC2.

I’m still trying to fix some minor errors, so don’t be confused if the website is not reachable for a certain time.

Apache vHost with SSL Certicate converted from .pfx Export file

Mon, 27 Jan 2014 14:03:40 +0000

This is an simple example for an Apache vHost SSL vHost configuration:

<VirtualHost 192.168.0.1:443>
DocumentRoot /var/www/
SSLEngine on
SSLCertificateFile /path/to/certificate.crt
SSLCertificateKeyFile /path/to/keyfile.key
</VirtualHost>