Becoming your own local certificate authority (and issue your first certificate)

An article, posted more than 6 years ago filed in security, chrome, Firefox, Safari, certificate & how i do it.

It has been quite some time ago, but here is another 'how i do it' article :)

If, by 'accident' you have, like me, chosen projectname.dev for your local development as a convention, and you want to continue using this convention; you will need to become your own CA. There is no other way around it. I tried searching disabling HSTS for localhost.dev, certificate for localhost.dev, but to no avail. Being your own CA, however, makes you HSTS proof (note that you can’t typically override an already set HSTS certificate, that is by design). However, in the old days you could simply mark your own self-signed certificate as trusted for your own domains. This is becoming less of an option these days. Becoming your own CA, however, still is an option.

Warning: The chain of trust

You should trust yourself not share your rootCA’s key and cert with anyone e…

Continue reading...

Let’s encrypt! It’s easy!

An article, posted more than 8 years ago filed in let's encrypt, letsencrypt, security, privacy, https, ssl, certificate, how i do it, nginx & tls.

There important reasons to use HTTPS. It makes your systems more secure, helps to protect your users privacy, and will prevent others to hijack your account to deface your site.

If you’ve ever tried to secure your site you may have found how hard it is. You have to generate a private key, a certificate signing request, upload that request somewhere, pay, process the e-mail, upload the certificate, configure your server and set a reminder that in 1, 2, 3 or 5 years you’ve got to go through most of that same process again (which I described before in more detail in an earlier "how I do it"-article. Well, no longer! Enter: Let’s encrypt.

> Actually, Let’s encrypt is so easy that I had doubts whether I should even write this post. But maybe it wins an extra soul or two over.

The recommended way to get sta…

Continue reading...

Setting up https/spdy communication for your website with nginx

An article, posted about 10 years ago filed in ssl, https, nginx, server, configuration, security, privacy, certificate & how i do it.

In case you do something with user accounts on your website, you definitely want to make sure you're using https. In general it protects the user's privacy, also when just reading content on your website. The only thing that can be seen by a middleman is that the person is viewing something at your server, the rest is all encrypted. And since Google has started to rank https-websites higher it has even become a SEO technique :) ). This article explains you how to serve your pages over https.

Update: a better option exists nowadays for non-domain validated certificates: Let's encrypt!

While the path to your server from someones desktop could be considered relatively ok in the past (harder to tap, putting a lot of trust in everything from the ISP to the internet exchanges and everything else in between), things have changed now. Wit…

Continue reading...

Dan had je maar niet...

An article, posted more than 10 years ago filed in gebruiksvriendelijkheid, privacy, gebruikers, software, it, Kennis, veiligheid, hacken, certificate & openssl.

Veel programmeurs zijn naast lichtelijk autistisch ook lichtelijk anarchistisch. Informatie moet vrij zijn, code het liefst openbaar, er moet gehackt kunnen worden en alsjeblieft geen centrale autoriteit. Maar hoe om te gaan met dat anarchistische resultaat, het internet?

Deels komt de anarchistische grondhouding van programmeurs voort uit de academische wereld waaruit de IT voortkomt en waarin beeldbepalende technologieën als het internet groot zijn geworden (nadat het door de Amerikaanse defensie was opgezet). Voor de vooruitgang is dit zeer goed geweest, juist dankzij het nagenoeg niet aanwezig zijn van belemmeringen en de continue uitwisseling van ideeën kon het internet onbegrensd groeien tot wat het nu is.

Wat gecreëerd is in een anarchistisch milieu gedraagt zich echter ook anarchistisch en zo zitten we nu met een internet dat op zich wel redelijk veilig kán zijn, maar wel alleen wanneer je om kunt gaan …

Continue reading...

murb blog