BSD

Using LetsEncrypt with Plex

The other day I blogged about using LetsEncrypt with FreeNAS. There were another two things around the house that I wanted to have proper SSL certificates on: my Plex server and the Unifi Controller. The latter looks like far too much effort to go through, but I did get it up and running for Plex pretty quickly this morning. Since I also used the same CloudFlare-based API updates for DNS, this one ...


BSD

Using LetsEncrypt on FreeNAS

Last week my LetsEncrypt certificate expired on FreeNAS, which effectively locked me out of my FreeNAS UI when using Chrome (my default browser). Thinking perhaps that I had forgotten something during my upgrade to FreeNAS 11.2, I set out to figure out what the problem was, only to realize two things: one, I hadn't set up a cronjob to renew and two, I didn't blog about it.

Usually I write blogs primarily for my benefit on ...


Linux

Countdown to SHA1-based HTTPS Doom

So it's been noted in a few places that 2017 is the year that SHA1 for HTTPS is doomed. Microsoft has deprecated SHA1 in Edge and Internet Explorer browsers and in February 2017 will be blocking them entirely. Google is doing the same thing with Chrome starting January 2017, as is Firefox.

Most sites today don't use SHA1-based SSL certificates (which is good) and there are sites you can go ...


macOS

SSL Certificate Verification failure with fink's Python 2.7.9

Python 2.7.9 was released nearly a month ago and with it came some SSL-related changes (it backported the Python 3.4 ssl module and does HTTPS certificate validation using the system's certificate store). The latter can cause some problems with home-grown CAs, however. On Mac OS X, the CA certificate store is in the Keychain Access application, which isn't exposed to command-line tools like Python. This will cause HTTPS certificate validation to ...


Linux

Heartbleed

I've refrained from posting or saying anything about Heartbleed all week because I didn't want to add to any sensationalism and hype, and I've also been too busy actually dealing with it (as opposed to simply talking about it or running around with hands waving in the air like a mad man). Now that the dust has settled a bit, I just want to link to some sites that I think are good to ...


macOS

Create your own SSL CA with the OS X Keychain

This week's mac techmail is Create your own SSL CA with the OS X Keychain. This talks about how you can use the Certificate Assistant on OS X, to create your own SSL Certificate Authority for a local network or internal organization. The tool is quite slick, if a little complicated for the uninitiated, but it does work quite well.


macOS

Managing SSL Certificate Authorities on OS X

This week's mac techmail is Managing SSL Certificate Authorities on OS X which takes you through adding a CA to the OS X keychain to verify SSL certificates. This is mostly useful for internal networks that use their own CA and it (obviously) doesn't come bundled with any OS. This allows OS X to trust these SSL certificates as if they were signed by one of the expensive/big-wig SSL certificate authorities.


Linux

Configure Apache to support multiple SSL sites on a single IP address

This week's TechMail is Configure Apache to support multiple SSL sites on a single IP address which talks about the new SNI (Server Name Indication) feature in Apache 2.2.12. This is a really welcome feature as previously if you wanted more than one SSL-secured site, you needed more than one IP address. Now you can have multiple SSL sites on a single IP address. While this isn't a universal thing yet ...


Linux

Another Debian OpenSSL article posted

The Register has just put up an article entitled After Debian releases SSL patch, a world of hurt for security pros. On page 2, I'm quoted which is cool, but what isn't cool is that the two typos in the article happen in my "quotes". Strange thing is that it was a phone interview, but now I look like an illiterate.

Oh well.

Good that the Register and many other outfits are picking this ...
