Getting TLS certificates from Let’s Encrypt is easy, but that’s just part of the story. It may sound paranoid, but being able to revoke certs is almost equally important. The premise is that there’s always a chance that your private keys will leak. Maybe it will never happen to me, but it will eventually happen …
Tag Archives: ssl
Let’s Encrypt! [en]
… is where I’m getting the TLS certificates for this blog nowadays (after moving away from CAcert). I’ve been using Let’s Encrypt at work now and then. Many colleagues in my department are heavy users and my employer is a sponsor. So I knew what to expect and how to get started. Nevertheless, here’s a …
Goodbye CAcert [en]
When I started this blog back in 2010, I wanted HTTPS, but I didn’t want to pay extra for it. Back then that wasn’t as easy as it is today. So I compromised and got my TLS certificates from CAcert. Problem was that almost no OS or browser vendor trusted their certs. Debian and Ubuntu …
OpenSSL CLI-Cheat-Sheet [en]
The OpenSSL library is utilized by a wide range of other open-source projects, like web-servers, mail-servers, VPN-servers, etc. When dealing with such software and SSL, it often proves useful to be familiar with the openssl command-line tools. Of course, OpenSSL does have great man-pages, and a quick web-search reveals plenty of usage examples. However, OpenSSL …
29C3 Talk: Certificate Authority Collapse [en]
Just watching axelarnbak‘s 29C3 talk on Certificate Authority Collapse, which covers structural flaws in SSL. I’ve reported on the mess with SSL before, and you may notice related complications (see CAcert) while browsing this page. After a good summary, the talk mainly focuses on structural problems and regulatory solution approaches. But apparently there are other …
Continue reading “29C3 Talk: Certificate Authority Collapse [en]“
SSL Seriously? [Update] [en]
I just ordered a muilti-domain SSL-certificate for 3 of the websites that are run by my company. It’s a simple domain-validated certificate, so they sent me a validation e-mail to the webmaster address of the domain. Yes, you heard right! I’m saying the domain, cause they only bothered to validate one of the three Domains …