scottlinux.com SSL cert update | scottlinux.com has always been available over HTTPS, but now has a trusted cert so your browser should not complain. Here is the ssllabs report: https://www.ssllabs.com/ssltest/analyze.html?d=scottlinux.com Note for Windows XP users: scottlinux.com is using SNI in Apache so IE8 on Windows XP will complain of an untrusted SSL certificate. Firefox or Chrome on XP work fine.
Drupal Security Notes | Check out this article on Drupal Security: Drupal Security Notes If you find this topic interesting, you may also be interested in Expert Pen Testing or CISSP training. Cool!
Enable or Disable Compression in Apache | I’ll show you a quick way to actively check a server for compression as well as how to disable compression in Apache. Note: This has _no_ effect on the CRIME TLS vulnerability. Test for Compression A simple test page to test for HTTP compression is here: http://www.gidnetwork.com/tools/gzip-test.php Or alternatively, below is a manual test for
cURL Ignore SSL Certificate Warnings | To ignore any SSL certificate warnings with curl, use the -k option. Here is an example: $ curl -k https://scottlinux.com $ curl -I -k https://scottlinux.com HTTP/1.1 200 OK Date: Tue, 14 Feb 2012 20:00:03 GMT Server: Apache Strict-Transport-Security: max-age=43200; includeSubDomains X-Frame-Options: SAMEORIGIN Set-Cookie: bb2_screener_=1329249603+22.214.171.124; path=/ X-Pingback: http://scottlinux.com/xmlrpc.php Set-Cookie: PHPSESSID=lq5dpvfagbdstib7nlg2b8a0m7; path=/ X-Hello: Hello There Vary:
Create self-signed SSL certificate for Virtual Host | In Debian or Ubuntu, it is easy to generate a self-signed certificate for your virtual host. Here is how it works! 1. First, install the package ssl-cert: $ sudo apt-get install ssl-cert Since GoDaddy and the like are making 2048 bit certs common these days, optionally edit the file /usr/share/ssl-cert/ssleay.cnf and change 1024 bit 2048
Enable HTTP Strict Transport Security on Debian / Ubuntu | HSTS or just STS can be enabled with Apache fairly easily. I’ll show you how! Enabling HSTS enforces a policy that all content from your server to the end user’s web browser will be over HTTPS. This can protect against interception, HTTPS stripping, and other possible man-in-the-middle attacks. First, enable mod_headers: $ sudo a2enmod headers