[Novalug] Free SSLcert from startssl.com and check at ssllabs.com.

Derek LaHousse dlahouss@mtu.edu
Thu Mar 26 00:59:14 EDT 2015


How does this get more security than using self-signed certificates?
Users who care can get the root cert directly, users who don't care
will just click through the warning anyway.

It's not like China recently issued a cert for www.google.com.

On Wed, Mar 25, 2015 at 6:06 PM, John Franklin via Novalug
<novalug@firemountain.net> wrote:
> I've been using both those for a while now.  It's a great way to validate your setup.
>
> That said, remember that Apache isn't the only app to use SSL certs.  Jabber servers, mail servers (both MTAs like Postfix and MDAs like Dovecot), and LDAP servers all use SSL when connecting to clients or other servers.  OpenVPN uses SSL to secure VPNs.  MySQL, if you have it running with slaves, can use SSL to encrypt the connections between servers.   Each of these need to be configured to ensure strong security.
>
> jf
>
> On Mar 25, 2015, at 10:29 AM, Miles D. Oliver via Novalug <novalug@firemountain.net> wrote:
>
>> I'm sure many others already know about this but since I just went through
>> the exercise for my personal website i figured I'd share.
>>
>> I hadn't really thought about adding an SSL cert to my personal webpage,
>> mainly because I didn't want to shell out the cash.
>>
>> After some searching I was able to get free 1 year SSL cert from
>> startssl.com so I went ahead and got one. Took me all of about 30 minutes
>> to get the certificate.
>>
>> I also found out about ssllabs.com  from a podcast where I could check the
>> cert and configuration.
>>
>> In another 30 minutes I was able to check my site and change my 'rating'
>> from "C"to "A" by disabling a lot of the old ciphers and protocols.
>>
>>         SSLProtocol All -SSLv2 -SSLv3
>>        SSLCipherSuite
>> ALL:!ADH:!EXPORT56:!RC4+RSA:+HIGH:+MEDIUM:+LOW:!SSLv2:!SSLv3:+EXP
>>
>> Some older browsers won't be able to connect but its not like I have a big
>> following and I know its more secure.
>>
>> I've not done much Apache virtualhost configs before It was a good learning
>> experience.
>>
>> If you are thinking about a cert, free ones are available.
>> **********************************************************************
>> The Novalug mailing list is hosted by firemountain.net.
>>
>> To unsubscribe or change delivery options:
>> http://www.firemountain.net/mailman/listinfo/novalug
>
> --
> John Franklin
> franklin@elfie.org
>
>
>
> **********************************************************************
> The Novalug mailing list is hosted by firemountain.net.
>
> To unsubscribe or change delivery options:
> http://www.firemountain.net/mailman/listinfo/novalug




More information about the Novalug mailing list