KeyChest – Getting Rid of Broken Padlocks

We all have seen it – I go to visit an interesting blog, DEFCON website, or pay for your parking on the go. But I can’t – the website or web service has an expired certificate and the “damn security wouldn’t let me do it”.

“Read More”

Growth Of HTTPS Public Logs (CT)

Category : https , keychest

As we have a database of all the issued public certificates, we started looking at some of the data. This is a quick note about the frequency of updates of certificate transparency (CT) logs.

“Read More”

Real-Time Certificate Info – 5,560,000,000 KeyChest Index

We have finally completed a GLOBAL certificate look-up table for real-time notifications in our re-designed KeyChest service. KeyChest has been using an external service to check for new certificates. This has become unsustainable due to the number of users and certificates we monitor.

“Read More”

PDF Signing With CloudFoxy And Smartcards – Production Notes

Category : https , security

We have handed over the first deployment of our CloudFoxy (smart cards over RESTful API) for PDF signing and it is now in live use. Here are a few observations of mine about dependencies, performance, and delivery.

“Read More”

Automate certificate monitoring with free API – KeyChest

Our certificate monitoring KeyChest has an initial RESTful API for remote enrolment of new certificates and for checking certificate expiry. Its design supports automation without any initial security/authorization setup.

“Read More”

How secure is CloudFlare “flexible SSL” option

Category : https

One would expect that when you decide to secure your web-server traffic with HTTPS, you do it for the security. Some, however, do it mostly to improve their SEO. CloudFlare flexible SSL is exactly for this.

“Read More”

Planning TLS certificate renewals – define a process

Category : https , letsencrypt , security

This text is about creating a process around planning certificate renewals. As part of our KeyChest re-design, we created a sequence of meaningful checks for TLS certificates to get them always renewed before your web services go down.

“Read More”

KeyChest now runs over 500,000 TLS checks every day

We checked recent statistics of the KeyChest service. While the overall load is gradually increasing, we also increase the number of checks we perform. It’s now over 500,000 a day since March 26. But we should be fine till a major system upgrade coming soon.

“Read More”

Let’s Encrypt uptime is 99.9% — or 98.8% without defects in 2017

Category : https , letsencrypt

As I was collecting reliability data for several PKI systems, I included Let’s Encrypt as it’s by far the biggest PKI system I was aware of. It provides its status data and its history at https://letsencrypt.status.io and here’s my informal analysis of its production systems.

“Read More”

Let’s Encrypt certificates with one name on different servers

Category : https , letsencrypt , security

This is an interesting one. The first impulse is to simply answer NO, you can’t do it, that’s the point of HTTPS. But it’s all about networking and one can do quite some magic with proxies, forwarding, and the SNI extension in TLS protocols.

“Read More”

Browse by date

Dec 2018
M T W T F S S
« Nov    
 12
3456789
10111213141516
17181920212223
24252627282930
31