Security

acme.sh: getting free SSL certificates – installation configuration on FreeBSD

Leave a Comment / Let's Encrypt, named, nsupdate, OpenSSL, Security / By /

This blog post describes my Let’s Encrypt solution which uses acme.sh and dns-01 challenges to obtain SSL certificates. If you are using HTTP challenges, this post might still be useful, but your configuration will differ slightly. Let’s Encrypt is a certificate authority which has become wildly popular since it was launched in April 2016 (just a short 14 months ago). Why so popular? It provides a secure way to offer free SSL certificates. […]

acme.sh: getting free SSL certificates – installation configuration on FreeBSD Read More »

Did your system tell you about security updates?

Leave a Comment / FreeBSD, Security / By /

With all of the activity surrounding the Heartbleed Bug, it was great to see so many people helping out to keep things secure. Of note was the actions of the FreeBSD team in getting out bug fixes. I have three recommendations for you: Follow a release branch (as opposed to stable). Run freebsd-update in cron Subscribe to the freebsd-security-notifications list I used to follow STABLE. Now I follow RELEASE. The ease-of upgrading via

Did your system tell you about security updates? Read More »

mail.app on Apple OSX and IOS fail when connecting to 4096-bit StartCOM certificates

Leave a Comment / Security / By /

NOTE: this post title is inaccurate. It was not until later that I discovered the problem was related to 4908-bit certs, not 4096-bit certs. I appear to have found a bug with OSX and iOS. Neither one can handle a 4096-bit certificate by StartCom. Changing to a 2048-bit cert allowed the connection. I have not tested 4096-bit certs from other issuers. The scenario in question is an IMAP server running Dovecot. I tested

mail.app on Apple OSX and IOS fail when connecting to 4096-bit StartCOM certificates Read More »

Scroll to Top