Tag Archives: Certificate

Check if the certificate of a domain was revoked

Just had the need to quickly check if the certificate of a domain was revoked or not, and found this tutorial: OpenSSL: Manually verify a certificate against a CRL. Well done, but two problems: (1) If the server doesn’t send all certificates (including the root CA), the verify process will fail. (2) Too much to type… So I quickly created a bash …

Posted in Bash, Linux, Security, SSL/TLS

Increase SSL and TLS security on nginx and Apache by enabling PFS and HSTS

The default configuration of SSL is fine on most Linux distributions (you will get an A-Rating at SSL Labs), but it could still be made a lot better and more secure. Goals we want to achieve: enable Perfect Forward Secrecy (PFS); enable HTTP Strict Transport Security (HSTS); disable SSLv2 and SSLv3; PCI compliant; FIPS-ready (optional); don’t break IE… NOTE: the configuration below will …

Posted in Apache, CentOS, Linux, nginx, Security

Change host name of Puppet client

Here are the steps I use to change the host name of a Puppet client: On the client side stop Puppet, remove old certificates and change host name: Change the host name in /etc/sysconfig/network and /etc/hosts, then reboot the client. Remove the old certificate on the server: If you’re using Foreman, change the host name there too. Finally, initialize a …

Posted in CentOS, Linux, Puppet