SSLTrust

Setup Squid Forward Proxy

Posted on September 9, 2016

If you’re reading this article, you’re probably frustrated by the lack of relevant information about Squid, a very popular forward proxy. Some of these frustrations involve major usability changes occurring after minor software revisions, misconceptions about what’s actually happening behind the scenes, and genuinely poor documentation. This aims to be a comprehensive primer which will get you up and running with Squid. First though, why might you want to use a forward proxy? Back in the day, it used to be very…


Is your WordPress blog secure from hackers?

Posted on August 29, 2016

WordPress is one of the most popular platforms for creating websites and blogs. The reason for its popularity is obviously its ease of use, both in maintaining it and in updating its content. Every popular piece of software automatically becomes a target for criminals because so many people use it. Brute-force password discovery and PHP and MySQL vulnerabilities are often the most popular illegal entry points for criminals looking to break into your blog or website…


Generate and Install Code Signing Certificates for Windows and Java

Posted on July 11, 2016

Usually when we think about SSL/TLS and certificates, the first thing that comes to mind is the certificates used by a web server – and this makes sense because it is by far the most common usage for them. However, the specification for X.509 certificates has a lot of other uses as well. To recap, a certificate is the public key in a public/private keypair (usually generated with RSA or ECDSA). A code signing certificate is a special kind of…


Setup Reverse Proxy on Windows Server: ARR in IIS and the WAP remote access role

Posted on April 2, 2016

Previously, we took a look at how reverse proxies (both terminating and non-terminating) are handled in the Linux world. In Windows, though, we have two very viable options supported by Microsoft without using any third-party software. These are, respectively, the Web Application Proxy (part of the Remote Access Role), and ARR, a plugin for IIS. Web Application Proxy: The Web Application Proxy (WAP in typical parlance) is incredibly intuitive and easy to use. Publishing a “passthrough” is a simple unauthenticated…


HAProxy TCP Reverse Proxy Setup Guide (SSL/TLS Passthrough Proxy)

Posted on March 22, 2016

This is Part 2 of our reverse proxy setup guides. Part 1 for NGINX can be found here. HAProxy is an incredibly versatile reverse proxy that’s capable of acting as both an HTTP(S) proxy like above, and a straight TCP proxy which allows you to proxy SSL connections as-is without decrypting and re-encrypting them (terminating). It doesn’t require a wildcard (or any certificate, since the cert and private key live exclusively on the backend), but you lose the ability…


NGINX Reverse Proxy Setup Guide

Posted on March 7, 2016

Reverse proxies accept connections on behalf of a server coming from a client. They are the opposite of forward proxies, which accept connections on behalf of a client destined for a server. They’re incredibly useful in two main cases: tightly controlled (and managed) ingress into a network, and supporting older products that don’t natively support the latest and greatest encryption. Let’s be honest, SSL/TLS involves a lot of details that all have to align just so. If you have 200…


Perfect Forward Secrecy: An Insurance Policy for your Encrypted Data

Posted on February 13, 2016

As we already know, SSL/TLS couples the best parts of asymmetric and symmetric cryptography to provide a robust mechanism for securing data-in-flight. However, because the key exchange for the symmetric portion of the transaction occurs over the secure channel forged with your public key, whoever holds your private key can reliably decrypt all data intended for your consumption. What happens, though, if someone passively collects your encrypted traffic and merely waits? One of two things might occur: either your private…


Who Needs SSL?

Posted on January 9, 2016

Does everyone need SSL? It’s not mandatory for all sites – for now. Do most sites need it? Yes. Do you need it? Let’s find out. Firstly, why SSL? Trust: Internet users look for many trust signals when they visit a website. For casual browsing, their eyes and senses do a cursory review of the site they’re on for a visual and performance indication of quality. Does anything look out of place or suspicious? When users are at the point…


Symantec Safe Site Discontinued

Posted on December 27, 2015

As of March 2016, Symantec will no longer be offering the Safe Site Seal with Malware Scanner. All current Seals will remain active for their full lifetime but will not be able to be renewed. This Safe Site Seal is a separate product from their SSL Certificate offerings and will not affect the SSL Certificates in any way, as they too have a similar site seal that comes with the SSL. You will no longer be able to order the Safe…


Internal names no longer allowed, what you need to know.

Posted on September 18, 2015

The CA/Browser Forum has announced that all the SSL certificates granted for internal server names will be revoked before October 26th, 2015. As a result, IP addresses or intranet names can no longer be used as the primary domain names or Subject Alternative Names (SANs). Therefore, it is going to be virtually impossible for you to procure SSL certificates for host names if you can’t verify them externally. An internal name is categorized as the domain or IP address…
