Configure Apache for A-rating on SSLLabs

Just add the following lines to vhost.conf:

SSLEngine on
SSLProtocol TLSv1.2 TLSv1.1
SSLProxyProtocol TLSv1.2 TLSv1.1
SSLHonorCipherOrder on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA25

Add CA certificate from Let’s Encrypt to Java 8

To add a certificate to the Java 8 trust store, you need to use keytool:

cd /tmp/ && \
curl -O https://letsencrypt.org/certs/letsencryptauthorityx1.der && \
sudo "$JAVA_HOME/bin/keytool" -noprompt -importcert -alias letsencryptauthorityx1 -keystore "$JAVA_HOME/jre/lib/security/cacerts" -file letsencryptauthorityx1.der -storepass changeit && \
curl -O https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der && \
sudo "$JAVA_HOME/bin/keytool" -noprompt -importcert -alias lets-encrypt-x3-cross-signed -keystore "$JAVA_HOME/jre/lib/security/cacerts" -file lets-encrypt-x3-cross-signed.der -storepass changeit


Certificate order in Haproxy PEM file

For SSL in HAProxy you need to create a PEM file containing the certificate plus the private key, in the right order:

-----BEGIN MY CERTIFICATE-----
-----END MY CERTIFICATE-----
-----BEGIN INTERMEDIATE CERTIFICATE-----
-----END INTERMEDIATE CERTIFICATE-----
-----BEGIN INTERMEDIATE CERTIFICATE-----
-----END INTERMEDIATE CERTIFICATE-----
-----BEGIN ROOT CERTIFICATE-----
-----END ROOT CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
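
A small checker for the block order listed above, given as an added example that is not part of the original post. The function names and the sample bundles are constructed for illustration; it inspects only the BEGIN/END labels, not the certificate contents.

```python
import re

# Matches PEM boundary lines such as "-----BEGIN CERTIFICATE-----".
BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")


def pem_labels(text):
    """Return the labels of the PEM blocks in file order; raise on bad framing."""
    labels, open_label = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        m = BOUNDARY.match(line.strip())
        if not m:
            continue  # base64 body or blank line
        kind, label = m.groups()
        if kind == "BEGIN":
            if open_label is not None:
                raise ValueError(f"line {lineno}: BEGIN inside open block {open_label!r}")
            open_label = label
        else:
            if label != open_label:
                raise ValueError(f"line {lineno}: END {label!r} does not close {open_label!r}")
            labels.append(label)
            open_label = None
    if open_label is not None:
        raise ValueError(f"unterminated block {open_label!r}")
    return labels


def check_bundle_order(text):
    """Return a list of problems; an empty list means the order matches the one above."""
    labels = pem_labels(text)
    kinds = ["key" if l.endswith("PRIVATE KEY") else
             "cert" if l.endswith("CERTIFICATE") else "other" for l in labels]
    problems = []
    if "other" in kinds:
        problems.append("unexpected block type")
    if kinds.count("key") != 1:
        problems.append("expected exactly one private key")
    if not kinds or kinds[0] != "cert":
        problems.append("first block must be the server certificate")
    if "key" in kinds and "cert" in kinds[kinds.index("key"):]:
        problems.append("certificate found after the private key")
    return problems


# Constructed sample bundles with placeholder bodies (not real key material).
TEMPLATE = "-----BEGIN {0}-----\nplaceholder\n-----END {0}-----\n"
GOOD = "".join(TEMPLATE.format(l) for l in ["CERTIFICATE"] * 3 + ["RSA PRIVATE KEY"])
BAD = "".join(TEMPLATE.format(l) for l in ["RSA PRIVATE KEY", "CERTIFICATE", "CERTIFICATE"])
```

To check a real file, pass its contents to check_bundle_order() and treat any returned problem as a reason not to deploy the bundle.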