#SSL
Hmm. The certificate for https://windows.microsoft.com/ has expired.

I have just finished writing up the process of configuring #SSL #LetsEncrypt for #Apache on #Ubuntu LTS. It will certainly be useful not only to beginners. For me it is a way of organizing my knowledge and learning to write documentation for others: https://blog.jurkiewicz.tech/how-to-configure-free-ssl-certificate-with-certbot-letsencrypt-on-ubuntu-linux-20-04-61e1553f250b

Hello #ECH, now I can go back to setting a wildcard #DNS entry for a domain, pointing to a reverse proxy with "exotic" subdomain names instead of traditional service names 😀
#SSL #TLS #ESNI #Cloudflare
https://blog.cloudflare.com/announcing-encrypted-client-hello/
#Quick and #Easy #SSL #Certificates for Your #homelab | by #wolfgang 🐺
I find it ironic that the Website of #Modsecurity (https://modsecurity.org) has an invalid #SSL certificate. 🤦♂️

Which SSL library should you choose? This is a nice review of the many options available today. It was written for HAProxy but most of the information is valid for any server. https://github.com/haproxy/wiki/wiki/SSL-Libraries-Support-Status
OpenSSL is clearly not an option anymore for production servers.
Towards zero-config #ssl/#tls with #mariadb #opensource #database https://mariadb.org/mission-impossible-zero-configuration-ssl/
Running one's own root Certificate Authority in 2023
#tls #ssl #ca #certificate #rootcertificate
https://wejn.org/2023/09/running-ones-own-root-certificate-authority-in-2023/
Anyone know of a CouchDB cloud service? All I can find are cloud machines that can install CouchDB, but I want to not do all that setup and configuration. Just need admin on a CouchDB installation over SSL. It's to be synced with PouchDB running in the browser from a GitHub Pages kind of setup.
#dev #cloud #couchdb #pouchdb #DBaaS #ssl #https #web #webdevelopment #WebDev #browser #JavaScript
Got my #homelab services behind a reverse proxy and #SSL certificates this week. Now just fine-tuning everything!
My family does not share my excitement, but maybe the #fediverse will?
Yesterday I received an e-mail from a former colleague. Among other things, he wanted to tell me that my TLS/SSL cookbook from 2016 is still highly regarded and praised. I was very pleased about that. 😀
Article on the TLS/SSL cookbook: https://www.my-it-brain.de/wordpress/mein-tls-kochbuch/
Cloudflare SSL origin certificate not working on wordpress Ubuntu #server #apache2 #ssl #wordpress
Traefik dashboard returns 404 page not found + TLS handshake error: remote error: tls: bad certificate (traefik + bind9 + CloudFlare + Let's Encrypt) #dns #docker #ssl #bind #wildcards
Traefik dashboard returns 404 page not found (traefik docker and bind9 docker setup) #dns #docker #ssl #bind #wildcards

Congrats to my friends at Anchor.dev on their launch!
https://blog.anchor.dev/the-acme-gap-introducing-anchor-part-1-of-3-2466ad7e53f6
#developers on #Fosstodon and the FediVerse:
I use #meshcentral as my production RMM in my IT small biz.
The issue's pattern: you have a #cloudflare DNS service routing traffic to your Meshcentral instance, often behind an #nginx reverse proxy. The main website works, but the remote connections start failing half the time. Now they always fail at a 0 sec timeout.
It seems caused by a change in cloudflare likely with #websockets but possibly #ssl certs?
Thoughts on this?
https://github.com/Ylianst/MeshCentral/issues/5302
#OpenSSL 1.1.1w #LTS has been released (#SSL / #TLS) https://openssl.org/
OpenSSL 1.1.1 End of Life
https://www.openssl.org/blog/blog/2023/09/11/eol-111/?utm_medium=erik.in&utm_source=mastodon
I am currently trying to wrap my head around #FIDO #attestation and all those involved formats and protocols like the #jwt and the #FIDO2 #SSL properties.
#OpenSSL 3.2 Alpha 1 has been released (#SSL / #TLS) https://openssl.org/
👀New and improved #cPanel #hosting
Save 50% off w/ CODE: “TRYRAD” 🌞
✅ Free #SSL Certificates!
✅ Free white-glove #migration!
✅ Nightly/Weekly/Monthly + Offsite #backups
✅ #Malware scanning & removal
✅ 100% #SSD-powered servers
✅ Multiple #PHP (PHP7.3-PHP8.2)
✅ #Softaculous 1-click #App #Installer
✅ Drag & Drop #Website Builder
✅ 24/7 US-based #Support
✅ #Redundant Power Feeds at every Rack
✅ #Uninterruptible Power supplies to All Racks
🌐 Get Yours👉 https://radwebhosting.com/shared-hosting

E-mail is simply no good from a data-protection standpoint either. You have no influence over which servers it passes through and what the server operators read along with, or even store and pass on.
Especially if you happen to use #Gmail, it is 100% certain that you are making the data available to third parties.
The right way would be transmission via a reporting portal with an #SSL-encrypted connection (#HTTPS), or printing it out and delivering it in person / by post in an envelope.
Secure your Website and all its Sub-domains with a single Wildcard SSL Certificate from globally reputed CAs such as Sectigo, Certera, etc. at affordable pricing starting at just $19.99/year!
➡️ https://certera.com/ssl-types/wildcard-ssl-certificates

Anyone know of an #http parsing library or code for classic #macos? After decrypting a #SSL #TCP stream I’d love to shove it into a lib that can parse it all out and let me extract the relevant bits. I found HTTP sample code for OpenTransport but not sure if that’s right path. I may also not be thinking of the problem correctly but having fun experimenting and kinda don’t want to write it from scratch #RetroComputing #macintosh
@bagder @BrodieOnLinux also because #wget as implemented in #Toybox doesn't support #SSL unless one fiddles with it or can use the pre-made binaries...
Previously:
https://infosec.exchange/@Alen_T_Szabo/110991184638721586
And the story continues. Maybe it is worth reading.
Today I had a meeting at a bigger traffic hub of #Budapest, #Hungary. At the time I arrived at the meeting I thought I will let my partner know about it so I was about to send a message. If I could. Because to push the power button on my phone, the reaction of the phone was a buzz and that's it. At that time I knew already there's shit in the soup. I just tried to push the button, buzz, nothing, push the button, buzz, nothing, but I tried further. I tried to perform a hard reset. The phone turned on. I saw the average animation at the boot screen and I lifted my middle finger to the air (obviously several cameras were staring at me). The screen went blank. I could push the buttons later, nothing happened. I could push any combination of the buttons. Nothing happened. Literally nothing as my phone died. I had an idea to check what happens if I plug the charger in. I plugged my phone to the wall when it normally turns on and starts to charge but no. Literally nothing happened. What does it mean? Biatch, the Hungarian government have cyber weapons and they are using them against CIVILS. My sin was to BE THERE! In both cases that happened to me, first the police officer turned on my phone with his cyber weapon, later some security related contractor of the Hungarian government didn't let me turn on my phone. This means for me there is a hardware backdoor in my phone since they are able to control turned off devices, doesn't matter what kind of privacy OS you have. I was able to turn on the phone only after my meeting when I was about to leave the place. Later I met with symptoms, however my #Orbot did work, my #VPN too, I could not use #Firefox, it did not accept some #SSL certificate. I could not use the #Tor browser either since it connected to the first node, to the second it couldn't. It was just trying, trying and that's it. At that point I thought it's smarter to wipe that phone.
And you think that the problem is at #China, because they need to use Tor to reach the internet. No. The problem is at #Hungary, where the government uses cyberweapons against its citizens, during the day, because they are! Maybe they will make my #wifi and #bluetooth disappear of the system, as they do sometimes after I post here, but whatever. 🖕
SSL certificate: Okay, setting up the required ".htaccess" file worked, but it was quite a fiddle, if I may say so, dear IONOS. Can't something like this be automated when you link an SSL certificate to the domain? Modern text editors, for example on macOS, no longer know plain "txt" files at all and also refuse to save a file whose name starts with a ".". Never mind, somehow it worked, and my website now has a secure connection.
#ssl #ionos #https

POV:
"You are a flipping #music #addict , and think it is a good idea for your #frontpage to reflect that"
https://www.youtube.com/watch?v=-pgcpxgBrVg&feature=youtu.be
(Sure, it is static. And the #generator is on a non #ssl page, but I barely have #albums I'm hyped about these days. I'm a #picky biach)
The #reorder function was easier to implement than I thought, and
<iframe src="?timestamp=<?php echo time(); ?>" width="600" height="400"></iframe>
makes for perfect #cache #Busting
#StuffAlcea #CurrListeningAlcea
I finally 1. Can use my own custom status update #wordpress plugin. Though I still need to connect it to #activitypub once I figure out how to do #rss. And 2. Solved the #SSL issue for a second blog without spending money, by setting up the blog as subfolder instead of subdomain. All of which means, I will post less here and once I have activity pub implemented, not at all. 👌
Anyone familiar with #Java’s SSL code? The SSLSession.getPeerCertificates() method, which you can use on the server to lookup any client certificates provided, has gained a warning that the returned certificate chain may be incomplete and shouldn’t be used for trust decisions. Anyone know the story behind this? - because a lot of code is using this precisely to make trust decisions. (The method is already supposed to throw an exception if the peer is not authenticated).
My best guess is that it’s because the SSLSession can be got hold of during the handshake and the authenticity can’t be guaranteed until after the handshake completes, but I want to make sure I’m understanding. The JDK bug referenced in the git repo for the change is not public.
#cryptography #ssl
How is a Wildcard SSL Certificate Beneficial for your Website?
Unlock the Key Benefits of using a Wildcard SSL Certificate for your website
▶️https://certera.com/kb/why-website-needs-wildcard-ssl-certificate/

Can I please ask for help from anyone who's good on #WordPress? or #SSL? I have a problem with SSL on my website: I installed Really Simple SSL to allow my site to be https, but it doesn't seem to be updating properly, because... I dunno, it's beyond me. As such my website has a security block for visitors. I think it's an expiry thing. I'm not in the mood to pay for anything, so what should I do in terms of plugins or whatever?
Sorry, I am a bit of a dunce at this sort of stuff.

Sadly, #toybox doesn't like to build its #wget with #SSL / #TLS due to a missing header file...
https://github.com/OS-1337/OS1337/issues/1
![Terminal output:
user@x230t:~/projects/os1337/build/toybox-0.8.10$ LDFLAGS=--static CROSS_COMPILE=i686-linux-musl-cross/bin/i686-linux-musl- make ARCH=x86 toybox
scripts/make.sh
generated/{flags.h}
Compile toybox
..........toys/net/wget.c:60:10: fatal error: tls.h: No such file or directory
60 | #include <tls.h>
| ^~~~~~~
compilation terminated.
make: *** [Makefile:17: toybox] Error 1](https://assets.toot.cafe/cache/media_attachments/files/110/964/874/004/096/925/small/81df94f454b004c4.png)
My goal was to exclusively use the #SSL e-channel plugin which almost worked. 😅 I had to use the #FabFilter #ProQ3 to get rid of annoying snare ring, as well as #Izotope #Ozone10 and #Softube Tape for sound shaping, but that's it!
I also used the #CheatSheet from #HardcoreMusicStudio and it helped me a lot! It was very freeing to not rely on your eyes anymore and I'm also a big fan of SSL, as it was my first console I ever mixed on. And I also own and love the SSL 2+ #AudioInterface! 😍
5 of 6


didn't have an #SSL #certificate yet. Requested one now, so #httpS should work shortly.
STRATO SSL
Use SSL encryption for secure data traffic and manage your own SSL certificates.
The certificate will be available in a few moments.
I'm always so happy that I can learn from friends. For today, I've set up a web hosting panel (CloudPanel) on my server. This server has a bit of an unusual setup, which makes it sometimes harder to get things working.
https://cytag.nl/@kevin@chyros.net has helped me with a "Too many redirects" issue when I set up this Mastodon instance, and his advice helped me today to solve the same bug.
So, if you are running an NGINX server and you have this "Too many redirects" issue, go have a look at my post at 3XN.nl. This particular case is about the correct configuration in case you have a proxy that controls all your SSL certificates instead of the server itself.
https://3xn.nl/projects/2023/08/24/cloudpanel-website-causing-too-many-redirects/
The article is subject to change, some code could be uncommented to still work, but this is a quick hack.
Thanks, Kevin!
#opencloud #ssl #vhost #nginx #hack #redirects #certificates
Since #Shitter has gone down the drain and hasn't renewed their #SSL #certificate for their #OnionService I've yeeted them from the onion.domains.list.tsv...
:birdsite: :twitter: :deadbird:
#Twitter
We are pleased to announce that Whonix and Kicksecure are utilizing website TLS with the highest available security options
https://libranet.de/display/0b6b25a8-3064-e147-4999-e91200903040
We are pleased to announce that Whonix and Kicksecure are utilizing website TLS with the highest available security options:
https://forums.whonix.org/t/tls-with-its-highest-available-security-options/17098
@dentangle @pbx Agreed. There should be a way to set exemptions for sites, like you can already do when encountering self-signed certificates. Keep a big fat warning in the address bar. #ssl #tls #firefox
And once _again_ I am reminded that my ignorance about #ssl and #kubernetes separately is only surpassed by my ignorance about them in combination.
I finally understood how to create #TLS client certificates, and I like it. It would be a good way to access services in my home network remotely without having to enter a password.
I can access https://fellr.net:1234 just fine, but you can't unless you have the certificate.
@Perl A tip from @philsplace for those having trouble connecting to #MariaDB using #Perl #DBI and an #SSL / #TLS connection: https://mastodon.sdf.org/@philsplace/110906522769129740
Windows feature that resets system clocks based on random data is wreaking havoc
A few months ago, an engineer in a data center in Nor... - https://arstechnica.com/?p=1961136 #securetimeseeding #certificates #systemclock #features #security #windows #biz #ssl
Ars Technica: Windows feature that resets system clocks based on random data is wreaking havoc https://arstechnica.com/?p=1961136 #Tech #arstechnica #IT #Technology #securetimeseeding #Certificates #systemclock #Features #Security #Windows #Biz&IT #ssl
Here's how to generate a CSR with MMC
Why isn't there already a Get-WebCertificate or something, for fetching the TLS certificate being used by a web server?
Well, my old version doesn't work in PowerShell 7, so I had to put this together for someone this week:
https://gist.github.com/Jaykul/74508c0c8425e6d5d300caa84c8f873f
#PowerShell #SSL #TLS #Certificate #PS7 #ServerCertificateValidation
@animemer @thecatcollective @torproject not to mention all the protocols of all their applications and devices from #DVB over #TCP / #UDP ( #IPv & #IPv6 ) are #OpenSource.
- Even if they use shitty #MicrosoftExchange's #MAPI instead of #IMAP, the #Mailserver still uses #SMTP to send out stuff.
- #HTTP (#Apache, #ngnix)
- #FTP (#vsftpd)
- #SSL (#OpenSSL & #Mozilla NSS)
- #SteamDeck runs #ArchLinux / #SteamOS
- #NintendoSwitch & #PS3-#PS5 & #PSvita run #FreeBSD.
Storing encrypted data is actually easy. Just the normal #SSL and #HTTPS stuff, salts, etc.
Now, only the user can view it and not the owner of the database.
Then you take it a step further. Encrypted messages between users. Okay, cool. Public-Private key encryption with an alternating k, because we learned from Sony's mistakes.
But what if you have a service that provides an additional service and requires a user's private key, api key, or secret? So, for example, an automated system performing actions on an API, so the user provides their API keys?
How do you securely store this, that your service can use it, decrypt it, and securely perform operations but still be safe if your infrastructure is ever hacked?
Is the answer just simply environmental variables and .env, or is it more complicated than that?
Is there something odd going on somewhere in #SSL/cert land? Last night a whole bunch of fresh Ubuntu boxes stopped being able to curl lots of well known sites (terragrunt, pypi etc) with cert errors yet not all, and nothing broken from my old Mac.
I'll dig in today, but this is just the sort of thing where Squitter was handy
fosdem-2012-talk-kaie.pdf
https://kuix.de/fosdem2012/fosdem-2012-talk-kaie.pdf
Let's Encrypt cert change: Last time they changed the signing setup a bunch of stuff broke
https://letsencrypt.org/2023/07/10/cross-sign-expiration.html
#letsencrypt #software #android #crypto #x509 #ssl #-
By the way, if you want to test your TLS configuration for potential security issues and you don’t want to use a web site like SSL Labs, you can do so locally with a free and open cross-platform bash-based tool called testssl.sh.

One thing social media doesn't do well is secure messaging. So, of the options out there, what do you believe is the most secure messaging app? If you find this useful, please boost.
#secureChat #SocialMedia #Security #Messaging #Poll #mastodonpoll #Telegram #WhatsApp #Signal #Messages #SMS #SSL #Encryption
The BSI test tool for carrying out TLS conformance tests is available online as »TLS Checklist Inspector«. (Hosting/operation: achelos) 👇
Today was a day for improving security and performance for @impulsait's infrastructure, including mastodon.cr
✅ #DNSSEC and #IPv6 connectivity for the name servers and the mastodon.cr domain
✅ Improvements to secure TLS/SSL connections: CAA record, OCSP stapling, HSTS preloading
✅ Upgrade of the web proxy that serves mastodon.cr to Debian 12
Results:
💪 Hall of Fame @internet_nl https://en.internet.nl/site/mastodon.cr/2156533/
🎉 A+ on the #SSL Server Test:
https://www.ssllabs.com/ssltest/analyze.html?d=mastodon.cr&s=2803%3a6900%3a602%3acafe%3a0%3a0%3a0%3a80
🆕 Category with European/EU-based ACME SSL certificate providers (Let's Encrypt alternatives)
With Buypass Go SSL and ZeroSSL
#europe #letsencrypt #acme #ssl #certificate
https://european-alternatives.eu/category/acme-ssl-certificate-providers
@q Which reminds me how fucked up and fundamentally broken #SSL is and that the entire #RentSeeking businesses of #CA's must be abolished.
Instead of @letsencrypt, we should've pushed for #CAcert since the latter one actually does #DueDiligence and is harder to penetrate or even abuse than getting an EV-SSL - cert fraudulently via #SocialHacking...
9️⃣ We recommend staying away from websites that don't use #SSL certificates. A business or service provider doesn't deserve your trust if they're not using an SSL certificate.
#Development #Demos
TLS byte by byte · Watch a web page performing a live, annotated https request for itself https://ilo.im/12unm4
_____
#Security #Cryptography #Protocol #WebDevelopment #WebDev #HTTPS #SSL #TLS
Oh great and all knowing Fediverse, who will sell me a code signing certificate that I don't want but basically have to have, at a price that won't piss me off?
Have a site with an invalid SSL cert error that won't let you through? In Edge, just type "thisisunsafe" on your keyboard with focus on the browser warning page and you're in. #SSL #MicrosoftEdge
🙃🔐

@maxandersen Oh, and do you remember the days when #Maven central was serving JAR files using unencrypted #HTTP (without #SSL/#TLS)? With simple Man-in-the-middle proxy you could inject any code to any #Java dependency... https://max.computer/blog/how-to-take-over-the-computer-of-any-java-or-clojure-or-scala-developer/
That #SSL certificates still expire in an age when #Certbot and #Letsencrypt exist is somehow incomprehensible to me. This whole SSL peddling was nothing but a modern sale of indulgences in my eyes.
"But behind a proxy, on an internal network, that doesn't work...": Yes it does: as soon as I can bind an external IP to the service, it works.. I only need a domain with authoritative, automatable DNS.
* Point your own domain at it
* Certbot challenge via DNS
* Done
It has always annoyed me that SSL Self-Signed-Certificate messaging gives the impression that by accepting the SSC you will not have secure communications. The data will indeed be encrypted in transport; what you lose is a level of certainty that the endpoint is who you think it is, which is a different issue that deserves to be considered on its own merits. #HTTPS #SSL #Self-Signed-Cert
@learosema Personally, I'm convinced most #web2.0 [don't get me started on the #scam that is #web3] is just #bloatware and should be dismissed.
I think that @ActionRetro shows how much #bloat is unnecessary...
https://www.youtube.com/watch?v=c_v2_vTogS8
[tho I think #SSL is a valid and important tech and I sincerely disrecommend trying to use #FrogFind and its proxy for online banking]...
@stux @SwiftOnSecurity @shanselman *nods in agreement*
And whilst I'd have preferred if #CAcert and its #EV-alike #identification & #assurance would've taken over instead of #LetsEncrypt, I'd rather see a sloppy "free #SSL for everyone" than paywalling of said feature.
Just released version 5.0.0 of @small-tech/https: A batteries-included version of the standard Node.js https module.
https://www.npmjs.com/package/@small-tech/https
Replace https with @small-tech/https to get:
- Automatically-provisioned trusted local development TLS certificates.
- Automatically-provisioned Let’s Encrypt TLS certificates.
- Automatic HTTP to HTTPS forwarding.
Version 5 includes this week’s new Auto Encrypt Localhost version 8 and is 100% JavaScript.
How have we not solved #WiFi redirects yet? If you're activating a new model or accessing a public network, you just get a bunch of #SSL errors as the network tries to redirect you but the browser refuses them. Users don't understand what these errors mean and definitely don't know the neverssl.com trick.
Is there really no way we can securely say: "The router is refusing your connection and redirecting you to your ISP's website"? This feels solvable, isn't it?
Just released version 8.2.0 of Auto-Encrypt Localhost
All status changes are now communicated via events instead of console messages.
Think I’m pretty much done with v8 now.
Next: update https (https://codeberg.org/small-tech/https) to use it and then update Kitten (https://codeberg.org/kitten/app) to use the updated https. (Which should make Kitten cross-platform, including on ARM.)
https://www.npmjs.com/package/@small-tech/auto-encrypt-localhost
#SmallWeb #SmallTech #AutoEncryptLocalhost #cli #TLS #SSL #https #localhost #NodeJS #web #dev
Auto-Encrypt Localhost version 8.1.0 released
Now with 100% more Command-Line Interface (CLI).
To create your local development certificates using the CLI:
npm install --global @small-tech/auto-encrypt-localhost
auto-encrypt-localhost
That’s it!
Enjoy :awesome:
https://www.npmjs.com/package/@small-tech/auto-encrypt-localhost
#SmallWeb #SmallTech #AutoEncryptLocalhost #cli #TLS #SSL #https #localhost #NodeJS #web #dev
Working on getting the rewrite of Auto Encrypt Localhost (think mkcert but in Node.js and now in 100% JavaScript without using mkcert or certutil) complete today so I have time to test and prepare a demonstration for our first #SmallIsBeautiful live stream this Thursday.
You can follow our #owncast streaming server from your #mastodon / #fediverse account to be notified when we go live.
#tls #ssl #web #dev #tools #SmallWeb #AutoEncryptLocalhost #nodeJS #js #JavaScript
#NewYear - new opportunities!
Maybe @ff3 can help you reach your goal(s) faster by giving you a better overview of your #finances and your good and bad #habits.
It took us a while to add some more #tutorials to our #wiki. Not only #ssl, #redis & #docker are now included, the big player this year can probably be #firefly3 for you.
Knock yourself out with this little tutorial for Docker or for #archlinux
https://techsaviours.org/news/en/your-own-open-source-finance-tool-firefly-iii
https://wiki.techsaviours.org/en/extras/firefly3
Also available in #german

How very bizarre… Chrom(ium) chokes if your TLS server certificate has an @ symbol in the Common Name (CN) field. It also fails with an “unable to parse file” error if you try to import a certificate authority that has the same (but, if you add the same certificate authority to the system trust store, it imports it without issue when you next start the browser).
TL; DR: Do not use the @ symbol in the Common Name (CN) fields of your TLS certificates.
Right, there is a way: Here’s how you can add a certificate authority (CA) to Firefox on Linux that also works on Fedora Silverblue: https://github.com/fedora-silverblue/issue-tracker/issues/397#issuecomment-1372211636
And with that, I don‘t think there’s any other blocker for my rewriting Auto Encrypt Localhost as a mkcert alternative in pure JavaScript for Node.js that doesn’t require certutil or any other binary dependency to be installed.
🤓👍
#mozilla #firefox #fedora #fedoraSilverblue #tls #ssl #linux #enterprise #certificates #nodeJS #mkcert
I’m not going to use bloody bugzilla, so if anyone from Mozilla sees this, your enterprise flow for adding certificate authorities (CAs) to Firefox on Linux fails on Fedora Silverblue.
Since Fedora Silverblue is seen as the possible future of Fedora/Red Hat, you folks might want to talk to the Fedora folks about it and come up with a solution.
https://github.com/fedora-silverblue/issue-tracker/issues/397
#mozilla #firefox #fedora #fedoraSilverblue #bug #tls #ssl #redHat #linux #enterprise #certificates
If you get #SSL_ERROR_NO_CYPHER_OVERLAP (Firefox) or #ERR_SSL_VERSION_OR_CIPHER_MISMATCH (Chromium) errors when calling https.createServer() in Node.js, you’ve got your options and listener order reversed in your method call. It should be options first, listener second.
(I’m actually working on generating certificate authorities/certificates so I was frantically searching the X.509 code for some obscure bug.)
My kingdom for parameter objects/named parameters.
Just released v4.0.0 of Auto Encrypt (Automatically-provisioned TLS certificates for Node.js servers using Let’s Encrypt.)
This is a semver major release that requires Node.js LTS 18.2+.
https://codeberg.org/small-tech/auto-encrypt
#NodeJS #AutoEncrypt #TLS #SSL #LetsEncrypt #JavaScript #JS #SmallTech #SmallWeb #web #dev
A client of mine hired Ernst & Young 🤑 to run a vulnerability scan (with tenable #Nessus) against a site I built and it seems to not like the Let’s Encrypt X.509 certificate. Now, I was asked to fix it within two weeks. Does anyone know if there’s another option than buying a certificate from a “trusted” authority? #SSL #certificates #infosec
Why would @namecheap offer #WordPress hosting but then try to upsell you just for an #SSL certificate?
I am not happy. #NameCheap
@thejustkat I considered that too, then figured it sounded like hard work so what the hell :)
I did have to put an #SSL #certificate onto one of my personal web-sites though; just so I'd have a green #verified box.
My #priorities might be messed up.
This business of the Internet's root certificates is not always easy to get your head around, yet they play an important role for security on the Internet ... 🧐 🤔 🔐
#cybersec #cybersecurity #rootcertificate #encryption #ssl #tls #certificateauthority #ca #itsakerhet #trustcor