Tag: SSL

Configure Apache for A-rating on SSLLabs

Just add the following lines to vhost.conf:

    SSLEngine on
    SSLProtocol TLSv1.2 TLSv1.1
    SSLProxyProtocol TLSv1.2 TLSv1.1
    SSLHonorCipherOrder on
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA25

Add CA certificate from Let’s Encrypt to Java 8

To add the cert to Java 8, you need to use keytool:

    cd /tmp/ && \
    curl -O https://letsencrypt.org/certs/letsencryptauthorityx1.der && \
    sudo $JAVA_HOME/bin/keytool -noprompt -importcert -alias letsencryptauthorityx1 -keystore $JAVA_HOME/jre/lib/security/cacerts -file letsencryptauthorityx1.der -storepass changeit && \
    curl -O https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der && \
    sudo $JAVA_HOME/bin/keytool -noprompt -importcert -alias lets-encrypt-x3-cross-signed -keystore $JAVA_HOME/jre/lib/security/cacerts -file lets-encrypt-x3-cross-signed.der -storepass changeit

Certificate order in Haproxy PEM file

For SSL in Haproxy you need to create a PEM file containing the cert plus the private key, in the right order:

    -----BEGIN MY CERTIFICATE-----
    -----END MY CERTIFICATE-----
    -----BEGIN INTERMEDIATE CERTIFICATE-----
    -----END INTERMEDIATE CERTIFICATE-----
    -----BEGIN INTERMEDIATE CERTIFICATE-----
    -----END INTERMEDIATE CERTIFICATE-----
    -----BEGIN ROOT CERTIFICATE-----
    -----END ROOT CERTIFICATE-----
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----

Show information of certificate

Run this command if you want to get SSL certificate info from bash:

    openssl x509 -in certificate-1.crt -noout -text -certopt no_header,no_version,no_serial,no_signame,no_pubkey,no_sigdump,no_aux