Posts Tagged ‘SSL’

Configure Apache for A-rating on SSLLabs

Add the following lines to vhost.conf:
SSLEngine on
SSLProtocol TLSv1.2 TLSv1.1
SSLProxyProtocol TLSv1.2 TLSv1.1
SSLHonorCipherOrder on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA25

Add CA certificate from Let’s Encrypt to Java 8

To add the certificates to the Java 8 trust store, use keytool:

cd /tmp/ && \
curl -O https://letsencrypt.org/certs/letsencryptauthorityx1.der && \
sudo $JAVA_HOME/bin/keytool -noprompt -importcert -alias letsencryptauthorityx1 -keystore $JAVA_HOME/jre/lib/security/cacerts -file  letsencryptauthorityx1.der  -storepass changeit && \
curl -O https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der && \
sudo $JAVA_HOME/bin/keytool -noprompt -importcert -alias lets-encrypt-x3-cross-signed -keystore $JAVA_HOME/jre/lib/security/cacerts -file lets-encrypt-x3-cross-signed.der -storepass changeit

Certificate order in Haproxy PEM file

To use SSL in HAProxy, you need to create a single PEM file containing the certificates plus the private key, in the right order:

-----BEGIN MY CERTIFICATE-----
-----END MY CERTIFICATE-----
-----BEGIN INTERMEDIATE CERTIFICATE-----
-----END INTERMEDIATE CERTIFICATE-----
-----BEGIN INTERMEDIATE CERTIFICATE-----
-----END INTERMEDIATE CERTIFICATE-----
-----BEGIN ROOT CERTIFICATE-----
-----END ROOT CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
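
A structural check for the order shown above, as an added example that is not part of the original post. The function name check_haproxy_pem is hypothetical. It assumes a real bundle, where every certificate block carries the standard `-----BEGIN CERTIFICATE-----` label (the labels in the listing above are descriptive placeholders), and it checks block order only, not whether the chain verifies.

```shell
#!/bin/sh
# Added example: verify that a HAProxy PEM bundle lists all certificates
# first and exactly one private key last. Only block labels are inspected.
check_haproxy_pem() {
    awk '
    /^-----BEGIN [A-Z0-9 ]+-----$/ {
        if (cur != "") { print "nested BEGIN at line " NR; bad = 1; exit }
        cur = $0
        sub(/^-----BEGIN /, "", cur); sub(/-----$/, "", cur)
        next
    }
    /^-----END [A-Z0-9 ]+-----$/ {
        label = $0
        sub(/^-----END /, "", label); sub(/-----$/, "", label)
        if (label != cur) { print "END without matching BEGIN at line " NR; bad = 1; exit }
        if (label == "CERTIFICATE") {
            # A certificate after the key breaks the expected order.
            if (keys > 0) { print "certificate after private key at line " NR; bad = 1; exit }
            certs++
        } else if (label ~ /PRIVATE KEY$/) {
            keys++
        } else { print "unexpected block: " label; bad = 1; exit }
        cur = ""
        next
    }
    END {
        if (bad) exit 1
        if (cur != "") { print "unterminated block: " cur; exit 1 }
        if (certs < 1) { print "no certificate found"; exit 1 }
        if (keys != 1) { print "expected exactly 1 private key, found " (keys + 0); exit 1 }
        print "ok: " certs " certificate(s) followed by private key"
    }' "$1"
}
```

Run it as `check_haproxy_pem /path/to/bundle.pem` before reloading HAProxy; a non-zero exit status means the bundle does not match the layout.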

Show information of certificate

Run this command to show SSL certificate information from bash:

openssl x509 -in certificate-1.crt -noout -text -certopt no_header,no_version,no_serial,no_signame,no_pubkey,no_sigdump,no_aux

Maximum Haproxy performance by OpenSSL version

I'll leave this picture here

haproxy SSL

Source
And a short presentation: http://www.whd.global/downloads/2014/sStag1d1.pdf