Yesterday was the day that the TLS certificate of my Synology NAS expired. And since I have no monitoring to alert me, I only found out today. The bad news: HSTS was also enabled so my browser did not want to connect even though I told it to ignore the invalid certificate. The good news: I had enabled the SSH service. This allowed me to fix this situation via the command line interfaces (CLI).
Articles tagged as “tls”
The Heartbleed bug triggered a review of the configuration of my own web server. As a result I discovered that I had my Online Certificate Status Protocol (OCSP) stapling configured wrong. In this article I will briefly explain OCSP and OCSP stapling, what I had done wrong and what is a—as far as I now know—right way to implement OCSP stapling in Nginx.
Since April 2012 we are using Whiskers to store information about our Plone and Django buildouts. But when I moved the setup behind SSL, the browser started to complain about unsafe content.