4 places to check your website’s ssl/tls security settings
Qualys – https://www.ssllabs.com/ssltest
High-Tech Bridge – https://www.htbridge.com/ssl
Comodo – https://sslanalyzer.comodoca.com
SSL Checker – https://www.sslchecker.com/sslchecker
In follow-up to previous posts I’ve had about SSL (specifically with Let’s Encrypt), here is the set of SSL configurations I use with all my sites. These, if used correctly, should score you an “A+” with no warnings from ssllabs.com. Note: I have an improved entropy package installed (twuewand). This is adapted from the Mozilla config…
continue “ssl configuration for apache 2.4 on centos 7 with let’s encrypt” »
In my how-to for Let’s Encrypt, I gave an example script that can be called via cron (or manually) which will renew Let’s Encrypt SSL certificates under CentOS 6. If you want to do it on CentOS 7 (which is what I am now running), use the following:
cd ~/letsencrypt
git pull
systemctl stop httpd.service…
continue “automated let’s encrypt ssl certificate renewal on centos 7” »
There’s been quite a bit of excitement surrounding Let’s Encrypt recently – a truly 100% free SSL issuer. Last week I helped a friend of mine get his first Let’s Encrypt certificate generated and configured for his website. One of the things I found incredibly frustrating is that Let’s Encrypt does not have a package…
You may have heard of the recently-discovered/-published TLStorm vulnerability that affects – at least – APC SmartUPS devices. One of the prime issues highlighted is the embedded nanoSSL library that APC has used on these systems. If you want to find out if your system is affected, the following nmap excerpt should start you towards…
continue “on using nmap to help find tlstorm-affected devices” »
I’ve recently been asked by several people to investigate websites (especially e-commerce ones) for reliability/legitimateness. Thought someone else may find my process useful, and/or have some ideas on how to improve it. So here goes: Pop a terminal window (I’m on a Mac, so I open Terminal – feel free to use your terminal…
continue “determining the ‘legitimacy’/’reliability’ of a domain” »
I found out about sshuttle from a random tweet that happened to catch my eye. Here’s the skinny (from the readme): Your client machine (or router) is Linux, FreeBSD, or MacOS. You have access to a remote network via ssh. You don’t necessarily have admin access on the remote network. The remote network has no…
continue “sshuttle – a simple transparent proxy vpn over ssh” »