VirtualTam's bookmarks

21. crt.sh | Certificate Search 2018-11-21

    tags: cryptography/certificate, letsencrypt, network/http, network/transport-layer-security, security

    [ permalink ]

    • https://transparencyreport.google.com
22. Displaying a remote SSL certificate details using CLI tools - Server Fault 2018-11-15

    tags: command-line, cryptography/certificate, network/nmap, network/transport-layer-security, openssl, security

    [ permalink ]
23. Building Docker Images for Static Go Binaries – Kelsey Hightower – Medium 2018-08-18

    tags: linux, linux/container/docker, network/transport-layer-security, programming/go

    [ permalink ]
24. Let's Encrypt with HAProxy 2018-07-25

    tags: cryptography/certficate, letsencrypt, network/http, network/http-server/haproxy, network/tcp, network/transport-layer-security

    [ permalink ]

    • https://github.com/letsencrypt/acme-spec/issues/33
    • https://coolaj86.com/articles/adventures-in-haproxy-tcp-tls-https-ssh-openvpn/
    • https://blog.chmd.fr/ssh-over-ssl-episode-4-a-haproxy-based-configuration.html
25. docker_auth: Authentication server for Docker Registry 2 2018-06-26

    tags: linux/container/docker, network/ldap, network/transport-layer-security, security/authentication

    [ permalink ]

    • https://hub.docker.com/r/cesanta/docker_auth/
    • https://github.com/kwk/docker-registry-setup
    • https://docs.docker.com/registry/spec/auth/token/
26. https - How to run Gitlab in docker container with nginx-proxy over ssl with letsencrypt securely - Stack Overflow 2018-06-11

    tags: linux/container/docker, network/http, network/http-server/nginx, network/proxy, network/transport-layer-security, source-code-management/git, source-code-management/gitlab

    [ permalink ]

    Container setup:

    • https://gist.github.com/netdesk/c1db2985b542f9916995139318e5a7ce
    • https://hub.docker.com/r/jwilder/nginx-proxy/
    • https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion/

    Gitlab settings:

    • https://docs.gitlab.com/omnibus/docker/
    • https://docs.gitlab.com/ce/administration/environment_variables.html
    • https://docs.gitlab.com/omnibus/settings/ssl.html
    • https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template

    Performance considerations:

    • https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html (skip the cgroups section for Gitaly as we are already running in a container)
    • https://docs.gitlab.com/ee/update/#gitaly-omnibus-gitlab-configuration-structure-change for Gitlab 16 changes to Gitaly configuration
27. OpenVPN Community Software 2018-05-24

    tags: cryptography/public-key-infrastructure, cryptography/rsa, linux, network, network/transport-layer-security, network/vpn, security

    [ permalink ]

    • https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
    • https://openvpn.net/index.php/open-source/documentation/howto.html
    • https://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html
    • https://wiki.archlinux.org/index.php/OpenVPN
    • https://wiki.archlinux.org/index.php/Easy-RSA
    • https://wiki.debian.org/OpenVPN
28. HTTPS Certificate Configuration (Version 4.x and newer) - Proxmox VE 2018-05-04

    tags: letsencrypt, network/http, network/transport-layer-security, virtualization/proxmox

    [ permalink ]

    • https://forum.proxmox.com/threads/let%E2%80%99s-encrypt-with-proxmox-ve.26842/
    • https://forum.proxmox.com/threads/certificate-startup-problems.25815/
29. tls - How do I use "openssl s_client" to test for (absence of) SSLv3 support? 2018-03-07

    tags: cryptography/certificate, network/http, network/transport-layer-security, openssl, web

    [ permalink ]

    • https://www.madboa.com/geek/openssl/
    • https://major.io/2012/02/07/using-openssls-s_client-command-with-web-servers-using-server-name-indication- sni/
    • https://www.feistyduck.com/library/openssl-cookbook/online/ch-testing-with-openssl.html
30. Weak cryptographic standards removal notice | GitHub Engineering 2018-02-23

    tags: cryptography/encryption, network/http, network/transport-layer-security, security, source-code-management/github

    [ permalink ]
31. How to Setup FileBeat with Basic Auth for LogStash Output? - Filebeat - Discuss the Elastic Stack 2018-01-12

    tags: cryptography/certificate, cryptography/certificate-authority, network/transport-layer-security, observability/elastic, observability/elastic/beats, observability/elastic/logstash, security, security/authentication

    [ permalink ]

    • https://github.com/logstash-plugins/logstash-input-beats/issues/8
    • https://www.elastic.co/guide/en/logstash/current/plugins-inputs-beats.html
    • https://www.elastic.co/guide/en/beats/filebeat/master/config-filebeat-logstash.html
    • https://www.elastic.co/guide/en/beats/filebeat/current/configuring-ssl-logstash.html
    • https://www.gilesorr.com/blog/elkbeats-beats-secure.html
    • https://discuss.elastic.co/t/beats-logstash-security-use-of-security-token-to-authenticate-clients/104981/4
    • https://stackoverflow.com/questions/40341664/how-to-configure-logstash-and-filebeat-ssl-communication
32. Generate Mozilla Security Recommended Web Server Configuration Files 2017-10-09

    tags: apache, cipher, network/http, network/http-server/nginx, network/transport-layer-security, security, server

    [ permalink ]

    • https://github.com/mozilla/server-side-tls
    • https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
    • https://security.stackexchange.com/questions/51680/optimal-web-server-ssl-cipher-suite-configuration
    • https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
33. Red Hat Directory Server - Chapter 14. Managing Replication 2017-09-20

    tags: 389-ds, linux, linux/centos, linux/red-hat, network/ldap, network/transport-layer-security, replication, security/authentication

    [ permalink ]

    • http://directory.fedoraproject.org/docs/389ds/howto/howto-replicationmonitoring.html
    • http://directory.fedoraproject.org/docs/389ds/howto/howto-walkthroughmultimasterssl.html
    • http://www.port389.org/docs/389ds/FAQ/faq.html#how-does-the-389-multi-master-replication-work
34. Project Everest 2017-09-15

    tags: cipher, cryptography, microsoft, mozilla, network/transport-layer-security, security

    [ permalink ]

    • https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
    • https://eprint.iacr.org/2017/536
    • https://github.com/mitls/hacl-star
35. Apache Tomcat 8 Configuration Reference (8.0.45) - The AJP Connector 2017-08-16

    tags: apache, network/http, network/http-server/apache-httpd, network/proxy, network/transport-layer-security, programming/java, tomcat, web

    [ permalink ]

    • https://stackoverflow.com/questions/23931987/apache-proxy-no-protocol-handler-was-valid
    • https://serverfault.com/questions/746810/enforcing-client-verification-in-apache-just-for-a-specific-client-certificate
    • https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
    • https://serverfault.com/questions/639317/ah01896-unable-to-determine-list-of-acceptable-ca-certificates-for-client-authe#842857
    • http://www.zeitoun.net/articles/configure-mod_proxy_ajp-with-tomcat/start
    • https://wiki.apache.org/tomcat/FAQ/Connectors
    • https://serverfault.com/questions/785652/how-do-i-configure-apache-to-proxy-tomcat-using-ajp
36. Planning out my self-host setup for my 2.5TB of data - would love critique! : selfhosted 2017-07-13

    tags: cloud, data, linux, linux/container, linux/container/docker, network/http, network/transport-layer-security, self-hosting, virtualization/proxmox

    [ permalink ]
37. CentOS 7.0 - man page for update-ca-trust (centos section 8) - Unix & Linux Commands 2017-06-30

    tags: cryptography/certificate, linux, linux/centos, linux/red-hat, network/transport-layer-security

    [ permalink ]
38. certificate - What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats? - Server Fault 2017-06-16

    tags: cryptography/certificate, cryptography/public-key-infrastructure, format, key, network/transport-layer-security, openssl, security

    [ permalink ]

    YO DAWG! I SAW YOU LIKE STANDARDS...

39. Ivan Ristić: Deploying Forward Secrecy 2017-06-16

    tags: cryptography, cryptography/encryption, diffie, hellman, network/transport-layer-security, privacy, security

    [ permalink ]

    • https://wiki.openssl.org/index.php/Diffie_Hellman
    • https://wiki.openssl.org/index.php/Diffie-Hellman_parameters
    • https://wiki.openssl.org/index.php/Manual:Dhparam(1)
    • https://security.stackexchange.com/questions/94390/whats-the-purpose-of-dh-parameters
    • https://en.wikipedia.org/wiki/Forward_secrecy
40. ssl - How can I generate a self-signed certificate with SubjectAltName using OpenSSL? - Stack Overflow 2017-04-25

    tags: cryptography/certificate, network/dns, network/transport-layer-security, openssl

    [ permalink ]

    via https://github.com/chef-cookbooks/openssl/issues/37