Tag Archives: ssl

Puppet CRL Time Errors

Puppet is much loved for it’s clear meaningful messages when something goes wrong, made even more delightful when you combine it with the lovely error messages thrown out by OpenSSL. Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate … Continue reading

Tagged , , , , | 1 Comment

WordPress & SSL Fixes

I’ve been using WordPress for this blog for a number of years now – at some point I realised that whilst writing my own code is fun, there’s no need to reinvent yet-another-fucking-blog-platform and ended up selecting WordPress to use … Continue reading

Tagged , , , , , , , , | 2 Comments

SSL Intermediate CA Bundles with Amazon

When configuring SSL services, generally you need to set a certificate, a private key and the CA bundle containing the intermediate certificate(s), which is often a bundle of several different certificates. For example, https://www.jethrocarr.com‘s configuration looks like: SSLEngine on SSLCertificateFile … Continue reading

Tagged , , , , , | Leave a comment

Attack vectors for personal computers

I’ve put together a (very) simplified overview of various attack vectors for an end user’s personal computer. For a determined attacker with the right resources, all of the above is potentially possible, although whether an attacker would go to this … Continue reading

Tagged , , , , , | Leave a comment

Why SSL is really ISL

Secure transmission of data online is extremely important to avoid attackers intercepting data or claiming to be a site that they are not. To provide this, a technology called SSL/TLS (and commonly seen in the form of https://) was developed … Continue reading

Tagged , , , , , , , , , | Leave a comment

Firefox Mobile for Android CAs

I’ve been using Firefox Mobile on Android for a while (thanks to the fact that it means I can use Firefox Sync between my laptop and mobile to share data). Overall it’s pretty good and the last few releases have … Continue reading

Tagged , , , , | 6 Comments

National Bank SSL Cert Fail

Got to wonder about your bank when they manage to upload the wrong SSL certificate to one of their webservers. :-/ Every sysadmin has their bad day, but I would have thought a bank would have had a bit more … Continue reading

Tagged , , , , , | 8 Comments

Custom CA certificates & Android

With the number of servers I have internally, I have setup my own Certificate Authority and sign all my internal SSL certificates against this private CA. This offers the useful advantage of being able to import the one CA certificate … Continue reading

Tagged , , , , , , | 62 Comments