Automated Let’s Encrypt DNS challenges with Rackspace Cloud DNS

Let’s Encrypt has taken the world by storm by providing free SSL certificates that can be renewed via automated methods. They have issued over 1.4 million certificates since launch in the fall of 2015. If you are not familiar with how Let’s Encrypt operates, here is an extremely simple explanation:

- Create a private key
- Make a request for a new certificate
- Complete the challenge process
- You have a certificate!

That is highly simplified, but there is plenty of detail available on how the whole system works....

2016-03-31 · 4 min · Major Hayden

Woot! Eight years of my blog

The spring of 2015 marks eight years of this blog! I’ve learned plenty of tough lessons along the way and I’ve made some changes recently that might be handy for other people. After watching Sasha Laundy’s video from her awesome talk at Pycon 2015, I’m even more energized to share what I’ve learned with other people. (Seriously: Go watch that video or review the slides whether you work in IT or not. It’s worth your time.) Let’s start from the beginning. ...

2015-04-14 · 4 min · Major Hayden

Apache’s mod_proxy, mod_ssl, and BitTorrent Sync

BitTorrent Sync allows you to keep files synchronized between multiple computers or mobile devices. It’s a handy way to do backups, share files with friends, or automate the movement of data from device to device. It comes with a web frontend, called the Web UI, that allows for connections over HTTP or HTTPS. Using HTTP across the internet to administer Sync seems totally absurd, so I decided to enable HTTPS. I quickly realized two things:...

2014-09-28 · 2 min · Major Hayden

Survive the Google Reader exodus with Tiny Tiny RSS

It’s no secret that Google Reader is a popular way to keep up with your RSS feeds, but it’s getting shelved later this year. Most folks suggested Feedly as a replacement but I found the UI quite clunky in a browser and on Android devices. Then someone suggested Tiny Tiny RSS. I couldn’t learn more about it on the day Google Reader’s shutdown was announced because the site was slammed. In a nutshell, Tiny Tiny RSS is a well-written web UI for managing feeds and a handy API for using it with mobile applications....

2013-03-17 · 2 min · Major Hayden

Using OpenSSL’s s_client command with web servers using Server Name Indication (SNI)

One of the handiest tools in the OpenSSL toolbox is s_client. You can quickly view lots of details about the SSL certificates installed on a particular server and diagnose problems. For example, use this command to look at Google’s SSL certificates:

    openssl s_client -connect encrypted.google.com:443

You’ll see the chain of certificates back to the original certificate authority where Google bought its certificate at the top, a copy of their SSL certificate in plain text in the middle, and a bunch of session-related information at the bottom....

2012-02-07 · 2 min · Major Hayden

Private network interfaces: the forgotten security hole

Regardless of the type of hosting you’re using - dedicated or cloud - it’s important to take network interface security seriously. Most often, threats from the internet are the only ones mentioned. However, if you share a private network with other customers, you have just as much risk on that interface. Many cloud providers allow you access to a private network environment where you can exchange data with other instances or other services offered by the provider....

2010-03-02 · 3 min · Major Hayden

Requiring SSL encryption for WordPress administration

I was digging around for WordPress plugins last night that would allow me to secure the administrative login page for my WordPress installations. Most of the plugins are only compatible with WordPress 2.7.x or earlier, so I was a little concerned about them working with WordPress 2.8.2. Then I stumbled upon the WordPress documentation that shows you how to require SSL with no plugins at all. If you’re using WordPress 2....

2009-07-31 · 1 min · Major Hayden

Adding SSL encryption to vsftpd

There may be some situations where you want to encrypt FTP traffic with SSL certificates rather than using SFTP with SSH. Using vsftpd with SSL encryption is quite easy, and here’s how it’s done: First, you’ll need to make a new self-signed SSL certificate (if you don’t have a key and certificate available already): Once you have the key and certificate made, you’ll need to concatenate them into a PEM file:...

2007-11-26 · 1 min · Major Hayden

OpenSSL Tricks

Create a strong CSR and private key

    openssl req -new -nodes -newkey rsa:2048 -out server.crt -keyout server.key

Parsing out the data within a certificate

    openssl asn1parse -in server.crt

Checking a certificate/key modulus to see if they correspond

    openssl rsa -in server.key -modulus -noout | openssl md5
    openssl x509 -in server.crt -modulus -noout | openssl md5

Convert a key from PEM -> DER

    openssl rsa -inform PEM -in key.pem -outform DER -out keyout....

2007-11-07 · 1 min · Major Hayden