Let’s Encrypt certificates with one name on different servers

This is an interesting one. The first impulse is to simply answer NO, you can’t do it, that’s the point of HTTPS. But it’s all about networking and one can do quite some magic with proxies, forwarding, and the SNI extension in TLS protocols.


Let’s Encrypt in the spotlight

We have compiled all the practical information we could find and written it up at Numbers you need to know. It’s a long list of restrictions, rate limits, and other useful information to keep in mind. Here are a few selected points that we found interesting. Big thanks to schoen from Certbot/EFF for pointing out numerous inaccuracies.


Guardian, FT, etc. share their internet encryption keys with many

We have all heard about hackers stealing huge user databases with passwords, as they are tempting bounties. FT, Guardian and many others create a new kind of reward: their internet encryption keys, shared via CDNs (services speeding up web traffic).


SSL certificates – 7 Free Spot Checks in one go – KeyChest

While implementing features of the certificate planner, we have added a few handy features to the KeyChest spot checker as well. It is now much more than just a tool to check when a website certificate expires.


Meet your internet neighbors – sharing SSL keys with strangers

You may think I’m pulling your leg when I say that you share encryption keys with an adult content website, road sweepers West Sussex, or hackers trying to impersonate Apple. But that’s exactly what happens when you use a free (CDN) service with HTTPS.


KeyChest – FREE plan and track for 100% HTTPS uptime

We have been using Let’s Encrypt certificates for a year now. As it is free, we have been constantly increasing the number of services using it. I personally like the three months validity as it makes renewals a “business as usual” task, rather than incidents. But it doesn’t happen through magic.


EV Certificates – Value for Money? Incl. Troy Hunt Q&A

I came across Troy Hunt’s article yesterday about getting an EV certificate. His initial assumption is that an EV certificate actually proves something, unlike many other seals of “security”. But is it really worth spending $80+/year?


How Certbot and Letsencrypt Work (DNS and SNI-TLS automation)

We introduce an integration plugin for Let’s Encrypt. It provides integration for a variety of mechanisms that enable and simplify verification of domain control and certificate installation. We have already tested it with Dehydrated (formerly letsencrypt.py). It supports all existing verification methods: DNS, HTTP and TLS-SNI, in their current versions “01”.


Your HTTPS Certificate Shows Where Its Key Comes From

We have extended the original research and can now use information from public keys (HTTPS, TLS, SSH, SSL) to audit cyber security management and compliance with internal standards.
