Get HTTPS working on localhost, with green padlock

In On “Secure Contexts” in Firefox, HTTPS for local development, and a potential nice gesture by Chrome I said: One of the things that’s still not really frictionless for your local development domains is the use of certificates. To circumvent the use of self-signed certificates I explained in said article how I have a dedicated […]

On “Secure Contexts” in Firefox, HTTPS for local development, and a potential nice gesture by Chrome

👋 This post also got published on Medium. If you like it, please give it some love a clap over there. Earlier today, in a post entitled Secure Contexts Everywhere, it was announced on the Mozilla Security Blog that Firefox from now on will only expose new features such as new CSS properties to secure […]

Validating SSL certificates with PHP

Great stuff again by Freek Murze from Spatie: A PHP class to easily check the validity of an SSL Certificate. Easily? Yes, easily:

    $certificate = SslCertificate::createForHostName('spatie.be');
    $certificate->getIssuer(); // returns "Let's Encrypt Authority X3"
    $certificate->isValid(); // returns true if the certificate is currently valid
    $certificate->isValid('domain.com'); // returns true if the certificate is currently valid for the […]

Diff two certificate files with certdiff

If you’ve ever had to handle certificates, it can sometimes – especially when renewing them – become confusing to know which certificate is which. Enter certdiff, a handy diff tool for certificates, by Mattias Geniar:

    $ ./certdiff cronweekly.com/cert.pem sysca.st/cert.pem
    subject= /CN=cronweekly.com | subject= /CN=sysca.st
    issuer= /C=US/O=Let’s Encrypt/CN=Let’s Encrypt Authority issuer= /C=US/O=Let’s Encrypt/CN=Let’s Encrypt Authority
    notBefore=Feb […]

Migrating your WordPress website from HTTP to HTTPS

In light of #https2015 I flipped the switch on bram.us earlier today: from today forth bram.us is only accessible over HTTPS. If you run a news site, or any site at all, we’d like to issue a friendly challenge to you. Make a commitment to have your site fully on HTTPS by the end of […]

SSL Config Generator

Just choose the web server / web front you’re using (Apache, Nginx, HAProxy) + whether you want to support only modern, intermediate, or old versions of browsers and a proper configuration will be generated.

    <VirtualHost *:443>
        …
        SSLEngine on
        SSLCertificateFile /path/to/signed_certificate
        SSLCertificateChainFile /path/to/intermediate_certificate
        SSLCertificateKeyFile /path/to/private/key
        SSLCACertificateFile /path/to/all_ca_certs
        # modern configuration, tweak to your needs
        SSLProtocol […]

Why Google is Hurrying the Web to Kill SHA-1

Something like 90% of websites that use SSL encryption use an algorithm called SHA-1 to protect themselves from being impersonated. This guarantees that when you go to green lock for facebook.com, you’re visiting the real Facebook and not giving your password to an attacker. Unfortunately, SHA-1 is dangerously weak, and has been for a long […]