A rather geeky/technical weblog, est. 2001, by Bramus
Back in the day I set up a few VPSes with WHM/cPanel on to host some sites. As back then the certificates for the cPanel services (FTPD, SMTP, WHM, …) were self-signed and Let’s Encrypt was still in its early days, I also ordered a wildcard certificate for *.3rds.be along with that and configured WHM …
Continue reading “Getting correctly signed SSL Certificates for cPanel/WHM Services”
In On “Secure Contexts” in Firefox, HTTPS for local development, and a potential nice gesture by Chrome I said: One of the things that’s still not really frictionless for your local development domains is the use of certificates. To circumvent the use of self-signed certificates I explained in said article how I have a dedicated …
Continue reading “Get HTTPS working on localhost, with green padlock”
👋 This post also got published on Medium. If you like it, please give it some love a clap over there. Earlier today, in a post entitled Secure Contexts Everywhere, it was announced on the Mozilla Security Blog that Firefox from now on will only expose new features such as new CSS properties to secure …
Today Freek from spatie released a new package: Laravel-uptime-monitor is a powerful, easy to configure uptime monitor. It will notify you when your site is down (and when it comes back up). You can also be notified a few days before an SSL certificate on one of your sites expires. Under the hood, the package …
Great stuff again by Freek Murze from Spatie: A PHP class to easily check the validity of an SSL Certificate. Easily? Yes, easily: $certificate = SslCertificate::createForHostName(‘spatie.be’); $certificate->getIssuer(); // returns “Let’s Encrypt Authority X3” $certificate->isValid(); // returns true if the certificate is currently valid $certificate->isValid(domain.com); // returns true if the certificate is currently valid for the …
The UpGuard external cyber audit uses publicly available information to grade your cyber risk posture. External scans are convenient and non-invasive but require an internal scan to assess the majority of risk factors. Checks for thinks like SPF records and stuff. UpGuard Web Scan →
If you’ve ever had to handle certificates, it can sometimes – especially when renewing them – become confusing to know which certificate is which. Enter certdiff, a handy diff tool for certificates, by Mattias Geniar: $ ./certdiff cronweekly.com/cert.pem sysca.st/cert.pem subject= /CN=cronweekly.com | subject= /CN=sysca.st issuer= /C=US/O=Let’s Encrypt/CN=Let’s Encrypt Authority issuer= /C=US/O=Let’s Encrypt/CN=Let’s Encrypt Authority notBefore=Feb …
In light of #https2015 I flipped the switch on bram.us earlier today: from today forth bram.us is only accessible over HTTPS. If you run a news site, or any site at all, we’d like to issue a friendly challenge to you. Make a commitment to have your site fully on HTTPS by the end of …
Continue reading “Migrating your WordPress website from HTTP to HTTPS”
(That’s a presentation embedded above. Video also available)
Just choose the web server / web front you’re using (Apache, Nginx, HAProxy) + whether you want to support only modern, intermediate, or old versions of browsers and a proper configuration will be generated. <VirtualHost *:443> … SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private/key SSLCACertificateFile /path/to/all_ca_certs # modern configuration, tweak to your needs SSLProtocol …