scottlinux.com SSL cert update | scottlinux.com has always been available over HTTPS, but now has a trusted cert so your browser should not complain. Here is the ssllabs report: https://www.ssllabs.com/ssltest/analyze.html?d=scottlinux.com Note for Windows XP users: scottlinux.com is using SNI in Apache so IE8 on Windows XP will complain of an untrusted SSL certificate. Firefox or Chrome on XP work fine.
Drupal Security Notes
Drupal Security Notes | Check out this article on Drupal Security: Drupal Security Notes If you find this topic interesting, you may also be interested in Expert Pen Testing or CISSP training. Cool!
Enable or Disable Compression in Apache
Enable or Disable Compression in Apache | I’ll show you a quick way to actively check a server for compression as well as how to disable compression in Apache. Note: This has _no_ effect on the CRIME TLS vulnerability. Test for Compression A simple test page to test for HTTP compression is here: http://www.gidnetwork.com/tools/gzip-test.php Or alternatively, below is a manual test for
cURL Ignore SSL Certificate Warnings
cURL Ignore SSL Certificate Warnings | To ignore any ssl certificate warnings with curl, use the tack k option. Here is an example: $ curl -k https://scottlinux.com $ curl -I -k https://scottlinux.com HTTP/1.1 200 OK Date: Tue, 14 Feb 2012 20:00:03 GMT Server: Apache Strict-Transport-Security: max-age=43200; includeSubDomains X-Frame-Options: SAMEORIGIN Set-Cookie: bb2_screener_=1329249603+66.202.152.198; path=/ X-Pingback: http://scottlinux.com/xmlrpc.php Set-Cookie: PHPSESSID=lq5dpvfagbdstib7nlg2b8a0m7; path=/ X-Hello: Hello There Vary:
Create self-signed SSL certificate for Virtual Host
Create self-signed SSL certificate for Virtual Host | In Debian or Ubuntu, it is easy to generate a self-signed certificate for your virtual host. Here is how it works! 1. First, install the package ssl-cert: $ sudo apt-get install ssl-cert Since godaddy and the like are making 2048 bit certs common these days, optionally edit the file /usr/share/ssl-cert/ssleay.cnf and change 1024 bit 2048
Enable HTTP Strict Transport Security on Debian / Ubuntu
Enable HTTP Strict Transport Security on Debian / Ubuntu | HSTS or just STS can be enabled with Apache fairly easily. I’ll show you how! Enabling HSTS enforces a policy that all content from your server to the end user’s web browser will be over HTTPS. This can protect against interceptions, https stripping, and other possible man-in-the-middle attacks. First, enable mod_headers: $ sudo a2enmod headers
