Website Security Solutions | Latest Guides | Blog

Plesk SSL Configuration and Installation Guide

This guide will take you through the entire process to make your website fully secure with the Plesk Web Hosting Manager. Step 1: Generating a CSR and Private Key Step 2: Order and Configure the SSL Certificate Step 3: Install the SSL Certificate on Plesk Step 4: Check the SSL is working Step 1. Generating a CSR and Private Key 1: Login to your Plesk Web Hosting Manager and navigate…

Compiling OpenSSL from Source (Windows and Linux)

Why would I want to compile OpenSSL myself? OpenSSL is a popular library used for performing various actions around SSL/TLS such as generating keypairs, creating CSRs, and testing connectivity against endpoints encrypted via SSL/TLS. While alternatives such as BoringSSL and LibreSSL do exist, OpenSSL is ubiquitous in the enterprise. OpenSSL comes pre-packaged with most Linux distributions, and most…

cPanel SSL Configuration and Installation Guide

We all know how hard it seems to manually install an SSL Certificate on your server/hosting plan without any know-how of all the technical stuff. The good news is that this guide will go through the entire process to get you up and secure quickly. It can be used to install an SSL Certificate on your cPanel WHM. Step 1: Generating a CSR and Private Key Step 2: Order and Configure the SSL…

A Guide to Intermediate Certificates

Intermediate certificates are often a topic of confusion. It’s understandable. We pay a lot of attention to root certificates as they require a lot of active management on the client. Leaf certificates on the endpoint are the star of the show – they’re what we’re trying to validate in the first place. But intermediate certificates? Unless something goes horribly wrong we often don’t think about them. Why…

Setup and secure FTP server in IIS

FTPS has always been a topic of much confusion among systems administrators. It has also largely fallen out of favor, giving way to SFTP, which has fewer networking requirements. But what is the difference between FTPS and SFTP? What about FTPS is so complicated? FTPS is simply FTP (File Transfer Protocol) over SSL/TLS. Remember, SSL/TLS is protocol agnostic, and any communication protocol…

Setup and Secure XMPP Over SSL/TLS on Ubuntu

Instant Messaging is a popular method of communication both at home and in the workplace. It is not always easy, however, to ensure that communication remains private. One of the best ways to guarantee message privacy is to both self-host the infrastructure and encrypt communications in-transit. Today we will be installing a free and open source (FOSS) package, ejabberd, and connecting to it with a…

Encrypting files with GPG using GPG4WIN

Usually we focus on SSL/TLS and its role in encryption in-transit. However, equally worth understanding is encryption at-rest. While encryption in-transit (also called in-flight) focuses on secure transmission via an insecure channel, both the sending and receiving endpoint have access to the information in the clear. In contrast, encryption at-rest encrypts data sitting on a hard drive. This…

M of N Setup with NitroKey HSM

This is perhaps one of the most abstract uses of an HSM, so let’s start with a real-world scenario. Your IT department recently read the last article in this series and wants to set up an offline root CA whose private key is stored on the Nitrokey HSM. Just like any hardware, the NitroKey has the potential to be a single-point-of-failure. Nitrokey’s backup model allows for backups to be taken tha…

Create an Internal PKI using OpenSSL and NitroKey HSM

In our last article, we covered getting started with the NitroKey HSM. Today we will go through the process of setting up an entire internal PKI backed by the security guarantee the HSM provides. First, we will generate a root CA with a private key living on the HSM’s hardware. Then, we will generate an Intermediate CA, whose private key will live secured by file system permissions in Linux. T…

NitroKey HSM introduction, setup and use case overview

SSL/TLS relies on a public/private keypair in order to keep data secure in transit. If a private key is no longer private, the communication is no longer secure. For most organisations, simply making sure to generate private keys on the server where they will be used is reasonably secure. It is a much more difficult and expensive proposition to protect against even the server itself being…